medium
Single Answer

What application security process can be described in these three major steps?

1. Decomposing the application
2. Determining and ranking threats
3. Determining countermeasures and mitigation

Answer Options

A. Fagan inspection

B. Threat modeling

C. Penetration testing

D. Code review

Correct Answer: B

Explanation

Threat modeling commonly involves decomposing the application to understand it and how it interacts with other components or users. Next, identifying and ranking threats allows you to focus on the threats that should be prioritized. Finally, identifying how to mitigate those threats finishes the process. Once complete, an organization can take action to handle the threats that were identified with appropriate controls.