What term describes the practice of evaluating applications from an attacker's viewpoint?

Prepare for the WGU C838 Managing Cloud Security Exam. Study effectively with flashcards and multiple-choice questions, complete with hints and explanations. Ensure your success with this comprehensive preparation guide.

The practice of evaluating applications from an attacker's viewpoint is known as threat modeling. This process involves identifying potential threats to an application, understanding the motivations and techniques an attacker might use, and considering how these threats can exploit vulnerabilities within the application. By simulating an attacker's perspective, security teams can anticipate and mitigate risks, ultimately improving the application's security posture.

Threat modeling enables organizations to prioritize security measures based on the likelihood and impact of potential attacks, aiding in the design of more resilient applications. This practice is proactive and focuses on identifying and addressing security concerns early in the development lifecycle.

Other terms like risk assessment, vulnerability scanning, and security auditing focus on different aspects of security. Risk assessment involves identifying and evaluating risks in a broader context without necessarily simulating an attacker’s perspective. Vulnerability scanning is a technical process used to identify existing vulnerabilities in systems but does not provide the strategic viewpoint of an attacker. Security auditing assesses compliance and effectiveness of security measures but does not specifically focus on simulating attacks. Thus, threat modeling distinctly encapsulates the idea of viewing applications through the eyes of a potential attacker.
