Threat Modeling a SharePoint Application


An exploratory exercise in preventing data breaches and theft

 By Tony Graves SharePoint Developer and Consultant​

Threat Modeling Book Cover.jpg 


Threat modeling is about using models to find security problems. Using a model means abstracting away a lot of details to provide a look at a bigger picture, rather than the code itself. You model because it enables you to find issues in things you haven't built yet, and because it enables you to catch a problem before it starts.

Threat Modeling can be applied to software you're building or deploying, or software you're considering acquiring. Building a SharePoint Solution or website is no different. Here is a brief guide on how to build a minimum threshold for your organization in a SharePoint environment.

Not all content holds the same value for an organization. Some content is transitory and will only provide value for a short time, while other content serves as official records, preserving evidence for a transaction or decision making tool such as eDiscovery.

Based on the book, "Threat Modeling: Designing for Security" the only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!




Replies to this Topic

Milt and group,

is anyone available to do an overview of SharePoint 365 or SharePoint 2013 during the 2nd week of may  2015 in Central New Jersey??

please call me


Tim Butts

TEB1 & Associates LLC

Twitter:   @TEB1Consulting

Direct phone:  6098419144

"A genuine leader is not a searcher for consensus but a molder of consensus" 

Hi Tim,


I'll look into it and let you know.


Thanks for thinking of us.


Milt Haynes

BGG Consulting Services


Post Reply

You must be logged in and a member of this Groupsite in order to post a reply to this topic.
To post a reply, contact your group manager(s) Join this Groupsite


Powered by

Visibility Public Membership By Invitation or Approved Request Default Profile Professional

Your Status Not Logged-In