Application Threat Modeling

I have dedicated a whole chapter to this topic because people underestimate the importance of Application Threat Modeling (ATM). If you're an employee or a consultant in application security, you will always encounter projects that deliver new releases of their product, and you will need to make sure to test these projects before they are deployed to the production servers. ATM happens at the beginning, when the project is still in the architecture phase. In fact, ATM is a security architecture document that allows you to identify future threats and to pinpoint the different pentest activities that need to be executed in the future deployment of the web application project.

Here's the plan for this amazing chapter:

  • Introducing the software development life cycle
  • Application Threat Modeling at a glance
  • Application Threat Modeling in real life
  • Application Threat Modeling document structure and contents
  • A practical example of an Application Threat Modeling document

A lot of the principles in this chapter (and in this book as well) can be found on the OWASP website. I highly recommend that you keep the OWASP website in mind for your daily application security tasks: http://www.owasp.org.