## 2.1 When to Threat Model Before writing a single line of code for any feature that: - Handles user input - Manages authentication/authorization - Touches sensitive data (PII, secrets, payment info) - Introduces a new network boundary
: Use Static Application Security Testing (SAST) tools to scan source code for flaws. Follow secure coding standards like the OWASP Top 10. security-driven software development pdf download