Threat modeling is a structured approach to analyzing the security of an application. With threat modeling, you can discover, analyze, and organize all potential application security threats in a structured model. Threat modeling enables you to identify, quantify, and address the security risks associated with an application so that you can secure applications, minimize oversight, and properly escalate threats.
Threat modeling is not an approach to reviewing code, but it does complement the security code review process. Threat modeling can be used continuously throughout the software development lifecycle (SDLC), helping to ensure that applications are being developed with security that is built in from the beginning, and teams working throughout the SDLC have better visibility into potential security threats.