Threat Modeling

Identify and mitigate security threats systematically

Overview

Threat modeling is the process of systematically identifying, analyzing, and addressing security threats before they become breaches. It answers: What could go wrong? Who might attack? Where are we vulnerable?

Why Threat Model?

Proactive: Find vulnerabilities before attackers do
Comprehensive: Don't miss threat categories (data theft, availability, integrity)
Prioritization: Focus on highest-impact risks
Communication: Align team on security concerns
Documentation: Understand what you're protecting

Threat Modeling Frameworks

STRIDE: Microsoft's per-element threat categories (Spoofing, Tampering, Repudiation, Info Disclosure, Denial of Service, Elevation of Privilege)
LINDDUN: Privacy-focused (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of Information, Unawareness, Non-compliance)
PASTA: Attack path-focused (Process for Attack Simulation and Threat Analysis)
Attack Trees: Visual representation of attack paths toward goals

When to Threat Model

High-risk systems: Financial, medical, critical infrastructure
New designs: Before building, not after
Major changes: New integrations, data handling
Post-incident: Analyze what happened, prevent recurrence
Regularly: Annual threat model refresh as threats evolve

📄️ Threat Modeling Frameworks: STRIDE, LINDDUN, PASTA

Master systematic threat identification frameworks

📄️ Assets, Attack Surfaces, and Trust Boundaries

Identify what you're protecting and where you're vulnerable

📄️ Abuse and Misuse Cases

Think like an attacker to find vulnerabilities in workflows

Threat Modeling

Overview​

Why Threat Model?​

Threat Modeling Frameworks​

When to Threat Model​