Threat Modeling Web Applications
Patterns & practices introduces a new approach to threat modeling for Web applications. Threat modeling helps you model your security design so that you can expose potential security design flaws and vulnerabilities before you invest significant time or resources. This approach is integrated into MSF Agile in Visual Studio 2005 and builds on, simplifies, and refines the original six-step threat modeling process from Improving Web Application Security.
Check the full guide over here