Threat Modeling

A structured approach to identifying, quantifying, and addressing security threats to a system by analyzing its architecture, data flows, and potential attack vectors.

Also known as: Threat Analysis, Security Modeling

What is Threat Modeling?

Threat modeling is a proactive security practice that involves systematically identifying potential threats, vulnerabilities, and attack vectors in a system. By understanding what could go wrong, teams can prioritize security efforts and design appropriate countermeasures.

Key Questions

  1. What are we building?

    • System architecture
    • Data flows
    • Trust boundaries
  2. What can go wrong?

    • Threat identification
    • Attack scenarios
    • Vulnerability analysis
  3. What are we going to do about it?

    • Mitigation strategies
    • Security controls
    • Risk acceptance
  4. Did we do a good job?

    • Validation
    • Testing
    • Iteration

Common Methodologies

STRIDE

  • Spoofing (violates authentication)
  • Tampering (violates integrity)
  • Repudiation (violates non-repudiation)
  • Information Disclosure (violates confidentiality)
  • Denial of Service (violates availability)
  • Elevation of Privilege (violates authorization)

PASTA (Process for Attack Simulation and Threat Analysis)

  • 7-stage risk-centric methodology: define objectives, define technical scope, application decomposition, threat analysis, vulnerability and weakness analysis, attack modeling, risk and impact analysis

LINDDUN (privacy-focused threat modeling)

  • Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, Non-compliance
  • Complements STRIDE: where STRIDE enumerates security threats, LINDDUN enumerates privacy threats over the same DFD

Threat Modeling Process

  1. Define scope and objectives
  2. Create system model (DFD)
  3. Identify threats (STRIDE, etc.)
  4. Analyze and prioritize
  5. Define mitigations
  6. Validate and iterate
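The six steps above are easiest to see when the model is written down as data and the threat enumeration is mechanical. The following is an added worked example, not code from this page or from any of the tools it lists: a constructed three-tier web application (browser, web app in a DMZ, database on an internal network) is described as a small data-flow diagram with trust zones, STRIDE-per-element is applied to every node and edge (step 3), each threat is prioritized by whether it is already mitigated and whether it sits on a flow that crosses a trust boundary (step 4), and a count of what remains open gives a crude answer to "did we do a good job?" (step 6). The element kinds, the STRIDE-per-element mapping, the zone names, the mitigation letters and the priority rule are all assumptions chosen for the example.

```python
"""STRIDE-per-element threat enumeration over a small data-flow diagram.

Added worked example (not code from any tool named on this page). The
element kinds and the mapping of STRIDE categories to element kinds follow
the classic STRIDE-per-element table; the system being modelled is a
constructed three-tier web application.
"""
from dataclasses import dataclass, field

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# STRIDE-per-element: which categories are considered for each DFD element kind.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass
class Element:
    """A DFD node. `zone` is the trust zone it lives in; different zones on
    the two ends of a flow mean the flow crosses a trust boundary."""
    name: str
    kind: str                                      # a key of APPLICABLE
    zone: str                                      # e.g. "internet", "dmz", "internal"
    mitigations: set = field(default_factory=set)  # STRIDE letters already addressed


@dataclass
class Flow:
    """A DFD edge carrying data from src to dst."""
    name: str
    src: Element
    dst: Element
    mitigations: set = field(default_factory=set)

    @property
    def crosses_boundary(self) -> bool:
        return self.src.zone != self.dst.zone


@dataclass
class Threat:
    target: str
    category: str
    crosses_boundary: bool
    mitigated: bool

    @property
    def priority(self) -> str:
        # Step 4 (analyze and prioritize), deliberately simple: anything already
        # mitigated is low; an unmitigated threat on a boundary-crossing flow is
        # high because an attacker in the less-trusted zone can reach it directly.
        if self.mitigated:
            return "low"
        return "high" if self.crosses_boundary else "medium"


def enumerate_threats(elements, flows):
    """Step 3: apply STRIDE-per-element to every node and edge of the model."""
    threats = []
    for e in elements:
        for letter in APPLICABLE[e.kind]:
            threats.append(Threat(e.name, STRIDE[letter], False, letter in e.mitigations))
    for f in flows:
        for letter in APPLICABLE["data_flow"]:
            threats.append(Threat(f.name, STRIDE[letter], f.crosses_boundary,
                                  letter in f.mitigations))
    return threats


def by_priority(threats):
    """Step 6 check: how many threats remain at each priority level."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for t in threats:
        counts[t.priority] += 1
    return counts


def sample_model():
    """Constructed model: browser -> web app in a DMZ -> database on an internal net."""
    browser = Element("Browser", "external_entity", "internet")
    webapp = Element("Web App", "process", "dmz", mitigations={"S", "E"})   # login + authz checks
    db = Element("Orders DB", "data_store", "internal", mitigations={"I"})  # encrypted at rest
    login = Flow("Login request", browser, webapp, mitigations={"T", "I"})   # TLS
    query = Flow("SQL query", webapp, db)                                    # plaintext, no controls
    return [browser, webapp, db], [login, query]


if __name__ == "__main__":
    elements, flows = sample_model()
    threats = enumerate_threats(elements, flows)
    order = ("high", "medium", "low")
    for t in sorted(threats, key=lambda t: order.index(t.priority)):
        print(f"{t.priority:6} {t.target:14} {t.category}")
    print(by_priority(threats))
```

Running it surfaces the gap a reviewer would flag first: the DMZ-to-internal SQL flow crosses a trust boundary with no mitigations, so tampering, information disclosure and denial of service on that link all rank high, while the TLS-protected login flow only leaves denial of service open. Changing a mitigation set and re-running is the "validate and iterate" step; a threat-model-as-code tool does the same thing at larger scale and with a richer rule library.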

Tools

  • Microsoft Threat Modeling Tool (free; draws DFDs and generates STRIDE-per-element threats)
  • OWASP Threat Dragon (open source; supports STRIDE, LINDDUN and CIA)
  • IriusRisk (commercial; rule-based threat library)
  • Threagile (open source; threat-model-as-code from a YAML description)