Why it matters
Threat modeling shifts security left. Understanding shapes design; skipping causes expensive remediation later.
Advertisement
The architecture
Identify assets: what's valuable (user data, keys, systems).
Identify threats: STRIDE = Spoofing, Tampering, Repudiation, Information disclosure, DoS, Elevation of privilege.
Advertisement
How it works end to end
Data flow diagram: visualize system components and data flows. Identifies trust boundaries where authz is needed.
Threats per component: apply STRIDE. Which threats apply? What mitigations exist or needed?
Prioritize: not all threats equal. Risk = probability × impact. Address high-risk first.
Iterate: threat model evolves as system does.