Waypoint Enterprise Threat Modeling Tool | VerSprite

Enterprise Threat Modeling Platform

Waypoint - Threat Modeling Platform

Waypoint is an enterprise-ready threat modeling platform aimed at managing a portfolio of application threat models for a security champion. Supporting a strong RBAC model, development groups from different product groups will be able to uniquely use, build, and manage their own threat models while allowing a Security Champion to review each threat model for completeness and accuracy.

Learn how you can leverage Waypoint.

A Workflow for Threat Modeling

Many companies embracing threat modeling today are desperate to follow a workflow to define how, when, who, and what is produced by the process. Waypoint provides a process where many constituents to a threat modeling approach can contribute based upon an RBAC model. Multi-role supported use cases include the following:

  • Threat analysts can review and provide new threats to a given application threat model
  • Risk professionals can evaluate the inherent and residual risks associated with use cases for an application threat model
  • Security professionals can review the range of countermeasures that are prescribed by the tool and enhance the library of countermeasures available to development teams
  • Architects can review a broader perspective on how application use cases and supporting application components are correlated to security threats

System of Threat Modeling Information

Many of our clients are striving to create a repository for threat modeling artifacts. Threat modeling is traditionally best executed via a series of whiteboard sessions, and Waypoint supports the means to correlate the collection of artifacts from various data flow diagramming exercises or even attack tree build-outs in order to capture key documents supporting an application threat model.

Team and Enterprise Views

Clients that use Waypoint today have numerous product teams, at times each with its own distinct process and methodology. Waypoint provides an enterprise view that encompasses threat modeling efforts company-wide for a Security Champion who may be responsible for validating the integrity of threat models against an internally defined approach or methodology. Conversely, unique RBAC permissions within Waypoint allow groups to avoid sharing their own security dirty laundry with other groups and keep their application threat models restricted to the users within their own development teams.

Blind Threat Modeling

One of the terms that VerSprite introduced to the area of Application Threat Modeling is the notion of ‘Blind Threat Models’: threat models that preemptively address security controls and mitigations prior to knowledge of threats, attack patterns, or weaknesses associated with the application model. This idea of preemptive or ‘blind’ threat modeling is a good start for organizations looking to apply countermeasures to components within their applications. The idea is asset driven, where assets are application components within an application threat model. Waypoint allows users to identify which inherent countermeasures they may want to consider for the types of components and even use cases associated with the application. This provides a lower barrier to entry for groups looking to get into application threat modeling that may not have the full cycles to dedicate to the latter stages around threat analysis, attack modeling and testing that are required for more mature programs.

Build Personalized Libraries

Threat modeling needs good libraries in order to correlate lists of components to possible threats and mitigating countermeasures. Often, threat modeling tools box you in with finite lists. Waypoint has off-the-shelf libraries that you can use, but you can also build your own lists. Need a greater and more particular range of application components defined and maintained by the tool? No problem. Waypoint allows custom lists to be added to existing baseline component lists for clients to leverage. Countermeasure lists and threat listings also allow for custom client additions. If you do not have the time and are looking to subscribe to various content lists, those can also be developed by the VerSprite team.
