It has become clear in software development that functionality and security must go hand in hand in cases where security concerns are to be incorporated early in stages of design. An essential aspect of such a process is threat modeling that integrates security with functional specification. Such an approach includes construction of two models: a functional model and a security (threat) model. The problem of integration involves assimilating security concerns while developing system specifications. One solution is to represent the dynamic behavior of security attacks as statechart diagrams and integrate the attacks into the functional behavior of the system.