A TLS threat model is one that starts with the question: "What is the business impact of an attacker's ability to observe, intercept and manipulate the traffic between the client and the server?"
This cheat sheet will focus on security considerations when the SSL/TLS model is selected.
A TLS stream of communication contains built-in controls to prevent tampering with any portion of the encrypted data.
This is a frequently used model for publicly accessible web applications.
The primary benefit of transport layer security is the protection of web application data from unauthorized disclosure and modification when it is transmitted between clients (web browsers) and the web application server, and between the web application server and back-end and other non-browser-based enterprise components.
The server validation component of TLS provides authentication of the server to the client.
Conversely, an Internet-facing enterprise web application would likely be best served by an SSL/TLS model. TLS is mainly a defence against man-in-the-middle attacks.
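Server validation only authenticates the server if the client both verifies the certificate chain and matches the certificate against the host name it intended to reach. The following is an added example, not part of the original cheat sheet: it uses Python's standard `ssl` module to build a strict client context beside two weakened ones and audits each. The function names and finding labels are hypothetical.

```python
import ssl

def strict_client_context() -> ssl.SSLContext:
    # Library defaults for a client: chain verification and host name matching are on.
    return ssl.create_default_context()

def chain_only_context() -> ssl.SSLContext:
    # Weakened: the chain is verified, but a valid certificate issued for
    # any other name would be accepted for this connection.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def unauthenticated_context() -> ssl.SSLContext:
    # Weakened: traffic is encrypted, but the peer is never authenticated.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return labels (hypothetical names) for settings that disable server validation."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings

if __name__ == "__main__":
    for name, build in [("strict", strict_client_context),
                        ("chain only", chain_only_context),
                        ("unauthenticated", unauthenticated_context)]:
        print(f"{name:16} {audit_client_context(build()) or 'ok'}")
```

A context with any finding still negotiates an encrypted session, so the weakness does not show up as a connection failure; it has to be caught by inspecting the configuration.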