threat modeling

We assess your AWS infrastructure and give you hands-on resolution consultation

What is security threat modeling?

Security threat modeling, or threat modeling, is a methodology to locate and document risks, to prioritize and to derive action plans to mitigate.

It is an iterative process, where applications and its related infrastructure of digital products are being decomposed, to identify i.e. entry points, components, data flows, privilege boundaries and finally related risks and vulnerabilities.

Threat models need to follow the agile product development principles and not vice versa.


Agile Security Threat Modeling

While there are different threat modeling approaches, evolved since the 1990s, most of them are not created with agility in mind. But threat modeling needs to be part of the agile software development processes.

The Alice&Bob.Company’s approach will cover two phases:

Phase 1 We perform a threat modeling workshop in collaboration with the product team. This familiarizes the team with the ideas and procedures. We will together determine

The workshop can be done either in a face-to-face session or remotely.

Phase 2 We introduce how Agile Threat Modeling can become part of a DevSecOps approach and your agile product development procedures. Therefore, we focus on integrating the results of phase 1 into your existing individual agile structures.


Our teams had very productive collaborations with Alice&Bob. They validated and improved our architecture and design decisions, with a strong perspective on security.
I really appreciate their in-depth technical knowledge and experience, combined with their passionate 'can-do-attitude'.



Get a detailed overview of your cloud architecture, with identified vulnerabilities and misconfigurations. You will also receive defined clear steps to fix and improve you overall security posture.

A&B security specialist takes over the role of an attacker (ethical hacker) to compromise customers infrastructure and/or application and provides resolution and mitigation measures.
gdpr Workshop

This offer includes a training of the management team and product team in GDPR on AWS. Get insights of necessary transformations of your AWS infrastructure into a GDPR compliant state.