There is no ‘one way’ to conduct an AVRA.
These paper-based threat modelling risk assessments can be adapted for the size, scale, and complexities of the organisation and the applications that are in scope for review. As such, Kontex can work with you to identify threats and vulnerabilities in a number of areas including:
Access and Identity
|Data in Transit||Data at rest||Security tooling|
|Asset Lifecycle||Trust Boundaries||External Access||
- Identify what is critical
- Understand your applications
- Holistically Approach Risk Management
- Identify and Remediate Risks
Kontex uses industry standard threat modelling techniques to account for the gaps that this testing and scanning cannot provide insight for:
Identify the In-Scope Application
Conduct Business Impact Assessments of your application estate, and prioritise the risk assessment process
Through a series of interviews and workshops Kontex will build and validate a dataflow diagram of the in-scope applications providing you with a clear understanding of the components and connections that make up your application
Kontex uses industry standard threat modelling tools and techniques such as STRIDE to find the threats and vulnerabilities exist in your application environment. Through these techniques a more holistic view of risk can be built.
Report & Remediate
Kontex will deliver an in-depth report which outlines how your system has been designed, the threats that have been identified, and a list of agreed actions that can be taken to remediate the findings