Why it matters

Threat modeling shifts security left. Understanding shapes design; skipping causes expensive remediation later.

Advertisement

The architecture

Identify assets: what's valuable (user data, keys, systems).

Identify threats: STRIDE = Spoofing, Tampering, Repudiation, Information disclosure, DoS, Elevation of privilege.

Threat modeling flowAssetswhat to protectThreatsSTRIDE per assetMitigationscontrols per threatDo it during design, not after; costs 10-100x less than post-hoc fixes
Threat modeling steps.
Advertisement

How it works end to end

Data flow diagram: visualize system components and data flows. Identifies trust boundaries where authz is needed.

Threats per component: apply STRIDE. Which threats apply? What mitigations exist or needed?

Prioritize: not all threats equal. Risk = probability × impact. Address high-risk first.

Iterate: threat model evolves as system does.