Human intelligence-based security evaluation

One good approach of identifying security problems is to think with a hacker’s mind. Human intelligence is able find security problems on different abstraction levels including specification, design or implementation. Our methodology is made up of the following activities:

  • Threat modeling from both the attacker and assets point of view
  • Definition of security assets and their important security properties based on the CIA triad principle
  • Visual representation of the various attacks using the Attack tree methodology
  • Collection of possible misuse-cases
  • Individual analysis of each relevant threat
  • Recommendations
  • Risk analysis


  • Flexible: Performs well with any IT system, embedded products, their software and hardware components
  • Scalable: Can build up from some ten to a hundred evaluation steps
  • Intelligent: Reveals security issues needing a human approach to be found