🔐 Cybersecurity / Web Security Intermediate

What is threat modeling?

Q: What is threat modeling?

Threat modeling is a structured approach to identifying, analyzing, and prioritizing potential threats to a system so that security controls can be designed proactively. Performed during the design phase (shift left security). Key frameworks: STRIDE (Microsoft): Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, Elevation of privilege — each threat mapped to a security property. PASTA (Process for Attack Simulation and Threat Analysis): business ris

Answer

Threat modeling is a structured approach to identifying, analyzing, and prioritizing potential threats to a system so that security controls can be designed proactively. Performed during the design phase (shift left security). Key frameworks: STRIDE (Microsoft): Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, Elevation of privilege — each threat mapped to a security property. PASTA (Process for Attack Simulation and Threat Analysis): business risk-focused, 7-stage process. LINDDUN: privacy-focused. Attack trees: decompose attack goals into sub-goals. Process: (1) Define scope (data flow diagram). (2) Identify threats (STRIDE per element). (3) Assess risk (likelihood × impact). (4) Define mitigations. (5) Validate. Tools: Microsoft Threat Modeling Tool, OWASP Threat Dragon, IriusRisk. Threat modeling catches architectural security issues early when they're cheapest to fix.

What is the difference between a white-hat, grey-hat, and black-hat hacker?

What is certificate pinning?

More Cybersecurity / Web Security Questions

View all →

All Cybersecurity / Web Security Questions Browse All Topics