Threat modeling is a structured approach to identifying security threats. STRIDE categorizes threats (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege). DREAD scores risk. Attack trees map attack paths. Data flow diagrams (DFDs) identify trust boundaries. Threat modeling should happen during design, not after deployment.
The 5-Mode Loop
5 of 5 modes available
Read · See · Animate · Test · Build
Before this, understand: owasp top 10