Embodiments provide apparatuses and methods supporting software development teams in identifying potential security threats, and then testing those threats against under-development scenarios. At design-time, embodiments identify potential threats by providing sequence diagrams enriched with security annotations. Security information captured by the annotations can relate to topics such as security goals, properties of communications channels, environmental parameters, and/or WHAT-IF conditions. The annotated sequence diagram can reference an extensible catalog of functions useful for defining message content. Once generated, the annotated sequence diagram can in turn serve as a basis for translation into a formal model of system security. At run-time, embodiments support development teams in testing, by exploiting identified threats to automatically generate and execute test-cases against the up and running scenario. The security annotations may facilitate detection of subtle flaws in security logic, e.g., those giving rise to Man-in-the-middle, authentication, and/or confidentiality issues in software under-development.