Threat Modeling
Identify and mitigate security threats during system design.
STRIDE Methodology
Threat Description Mitigation
Spoofing Pretending to be someone else Authentication
Tampering Modifying data Integrity controls
Repudiation Denying actions Audit logging
Information Disclosure Data exposure Encryption
Denial of Service Making service unavailable Rate limiting
Elevation of Privilege Gaining higher access Authorization
Process
steps: 1_scope: - Define system boundaries - Identify assets - Document data flows
2_diagram: - Create data flow diagrams - Identify trust boundaries - Mark entry points
3_identify: - Apply STRIDE to each component - List potential threats - Document attack vectors
4_assess: - Rate likelihood and impact - Prioritize by risk score
5_mitigate: - Design countermeasures - Accept/transfer risks - Document decisions
Data Flow Diagram
[External User] --> |HTTPS| --> [Load Balancer] | v [Web Server] | [Trust Boundary] | v [App Server] --> [Database]
Threat Cards
threat: id: T001 name: SQL Injection category: Tampering component: Database queries likelihood: High impact: Critical mitigations: - Parameterized queries - Input validation - WAF rules status: Mitigated
Best Practices
-
Integrate into SDLC
-
Review on architecture changes
-
Include development team
-
Document all decisions
-
Regular reassessment
Related Skills
-
sast-scanning - Code analysis
-
penetration-testing - Validation