![sdl threat modeling tool boundaries sdl threat modeling tool boundaries](https://docs.microsoft.com/en-us/azure/security/develop/media/threat-modeling-tool-feature-overview/canvasdrop1.png)
While the threat modeling for a feature should include everyone in the team that has a vested interest in the feature (developers, managers, designers, stakeholders), the threat modeling for a story can include only the developer working on it with, optionally, the help of your security specialist. Ideally, you will be doing the threat modeling once during feature breakdowns in the product development lifecycle in a grand scope and then again, in smaller scope for each story that is worked on. If you're looking to introduce threat modeling to an existing system, check the paragraph below. You should be doing threat modeling on a feature and story basis. With all the prerequisites out of the way, you can now focus on finding the vulnerabilities in your system. This is where the actual threat modeling comes in.
![sdl threat modeling tool boundaries sdl threat modeling tool boundaries](https://research.nccgroup.com/wp-content/uploads/2020/12/th-cc-11.png)
Prerequisites Assets and Security Goalsīefore getting into threat modeling you need to identify what it is you actually want to protect.
![sdl threat modeling tool boundaries sdl threat modeling tool boundaries](https://ars.els-cdn.com/content/image/3-s2.0-B9780128021200000059-f05-71-9780128021200.jpg)
As with (almost) everything, awareness is key. You'll very likely never find all potential threats but this exercise (done regularly) should help you over most of them. The goal of Threat Modeling is to figure out the vulnerabilities in your system and, if needed, plan to fix them.