Threat Modeling Basics

A structured way to find what can go wrong in a design before you build it.


What Threat Modeling Is

Threat modeling is a structured exercise to identify what could go wrong with a system, before attackers do. By reasoning about the design early, teams find weaknesses cheaply and decide which to address, rather than discovering them in production.

The Core Questions

  • What are we building? Capture it as a diagram with data flows and trust boundaries.
  • What can go wrong? This is often guided by a mnemonic such as STRIDE, which covers spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.
  • What are we going to do about it? Choose to mitigate, accept, or transfer each risk.
  • Did we do a good job? Validate coverage later.

Making It Useful

  • Focus attention where data crosses a trust boundary, since that is where most threats live.
  • Keep the model living, updating it as the design changes.
  • Turn findings into concrete requirements and tests, not just a report.
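
The steps above as a small script, added here as an illustration and not part of the original lesson: it takes a design described as elements in trust zones, keeps only the flows that cross a boundary, applies STRIDE to each such flow and its receiving element, and emits one trackable requirement row per finding. The STRIDE-per-element mapping, all names, and the sample design are assumptions made for the example.

```python
from collections import namedtuple

# STRIDE-per-element chart: categories that usually apply to each kind of
# diagram element (a common convention, assumed here; not from the lesson).
STRIDE_BY_KIND = {
    "external": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"],
    "store": ["Tampering", "Information disclosure", "Denial of service"],
    "flow": ["Tampering", "Information disclosure", "Denial of service"],
}

Element = namedtuple("Element", "name kind zone")  # kind: external | process | store
Flow = namedtuple("Flow", "src dst data")

def crossing_flows(elements, flows):
    """Return the flows whose endpoints sit in different trust zones."""
    zone = {e.name: e.zone for e in elements}
    return [f for f in flows if zone[f.src] != zone[f.dst]]

def enumerate_threats(elements, flows):
    """Yield (target, category) for each boundary-crossing flow and its receiver."""
    kind_of = {e.name: e.kind for e in elements}
    seen = set()  # a receiver shared by several flows is listed only once
    for f in crossing_flows(elements, flows):
        label = f"{f.src} -> {f.dst} ({f.data})"
        for target, kind in ((label, "flow"), (f.dst, kind_of[f.dst])):
            for category in STRIDE_BY_KIND[kind]:
                if (target, category) not in seen:
                    seen.add((target, category))
                    yield target, category

def to_requirements(threats):
    """Turn findings into rows awaiting a mitigate/accept/transfer decision."""
    return [{"id": f"TM-{i:03d}", "target": t, "threat": c, "decision": "undecided"}
            for i, (t, c) in enumerate(threats, 1)]

# Constructed sample design: a browser, a web API, and its database.
ELEMENTS = [Element("browser", "external", "internet"),
            Element("api", "process", "app"),
            Element("db", "store", "app")]
FLOWS = [Flow("browser", "api", "login form"),
         Flow("api", "db", "SQL query"),
         Flow("api", "browser", "session cookie")]
REQUIREMENTS = to_requirements(enumerate_threats(ELEMENTS, FLOWS))

if __name__ == "__main__":
    for row in REQUIREMENTS:
        print(row["id"], row["target"], "|", row["threat"], "|", row["decision"])
```

Re-running the script after each design change keeps the list current, and each row can be tracked as a requirement or test until its decision is recorded.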

Key idea

Threat modeling answers what can go wrong by mapping trust boundaries and enumerating threats early, turning the findings into requirements rather than afterthoughts.

Check yourself


1. What does the STRIDE mnemonic help with?

2. Where should threat modeling focus attention?

3. What makes a threat model useful over time?