Threat modeling is a structured process used to identify, assess, and mitigate security risks to a system.
Principles and Methodologies
STRIDE
Developed by Microsoft, STRIDE is a mnemonic for six categories of threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Walking each element of a system through the six categories in turn gives a systematic way to enumerate threats.
DREAD
A risk assessment model used to rate and prioritize threats on five factors: Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability. Scoring each factor lets threats be ranked by their potential impact and likelihood.
PASTA
PASTA (Process for Attack Simulation and Threat Analysis) is a seven-step, risk-centric threat modeling methodology. It integrates business objectives with technical requirements and focuses on analyzing potential attack vectors. Its steps are defining objectives, creating an architecture overview, decomposition, threat analysis, vulnerability analysis, attack modeling, and risk analysis.
LINDDUN
A privacy-focused threat modeling framework. It identifies privacy threats using seven categories: Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance, and gives systematic guidance for identifying and mitigating privacy risks.
Attack Trees
A hierarchical diagram of potential attack paths, with the attacker's goal at the root and branches for the techniques that could achieve it. Attack trees help visualize and analyze how an attacker might exploit vulnerabilities to reach that goal.
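As an added illustration (not part of the original page or of any tool it lists), the following Python models an attack tree with AND/OR nodes, computes the cheapest remaining path to the root goal, and ranks candidate mitigations by how much they raise that cost. The tree, node names and effort values are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Node:
    """One node of an attack tree (constructed example)."""
    name: str
    gate: str = "OR"          # OR: any child achieves this node; AND: every child is needed
    cost: int = 0             # relative attacker effort, meaningful on leaves only
    children: list = field(default_factory=list)

def min_cost(node: Node, mitigated: frozenset = frozenset()) -> Optional[int]:
    """Cheapest attacker effort to reach `node`, or None if no path remains
    once every node named in `mitigated` is treated as blocked."""
    if node.name in mitigated:
        return None
    if not node.children:
        return node.cost
    child_costs = [min_cost(c, mitigated) for c in node.children]
    if node.gate == "AND":
        # every sub-goal is required, so one blocked child blocks the node
        if any(c is None for c in child_costs):
            return None
        return sum(child_costs)
    reachable = [c for c in child_costs if c is not None]
    return min(reachable) if reachable else None

def sample_tree() -> Node:
    """Constructed tree for the root goal 'read customer records'."""
    return Node("Read customer records", "OR", children=[
        Node("Exploit injection flaw in web application", cost=2),
        Node("Log in with stolen administrator credentials", "AND", children=[
            Node("Phish an administrator", cost=3),
            Node("Defeat the second authentication factor", cost=6),
        ]),
        Node("Download unprotected backup", cost=1),
    ])

def prioritize(root: Node, candidates: List[str]) -> List[Tuple[str, Optional[int]]]:
    """Residual minimum attacker cost if only the named node were blocked,
    sorted so the single most effective mitigation comes first."""
    residual = [(name, min_cost(root, frozenset({name}))) for name in candidates]
    # None (goal unreachable) ranks first; otherwise a higher residual cost is better
    return sorted(residual, key=lambda r: (r[1] is not None, -(r[1] or 0)))

if __name__ == "__main__":
    tree = sample_tree()
    print("cheapest path cost:", min_cost(tree))
    print(prioritize(tree, [c.name for c in tree.children if not c.children]))
```

Blocking a leaf under an AND gate removes the whole branch, which is why the ranking is computed on the tree rather than on leaf costs alone.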
MITRE ATT&CK
A knowledge base of adversary tactics and techniques drawn from real-world observations. It provides a common framework for understanding and modeling potential attack scenarios.
Tools and Frameworks
Microsoft Threat Modeling Tool
A free tool from Microsoft for creating and analyzing threat models based on Data Flow Diagrams (DFDs). It supports the STRIDE methodology and generates threats automatically from the diagram.
OWASP Threat Dragon
An open-source threat modeling tool maintained by the Open Web Application Security Project (OWASP). It supports creating DFDs and generates threats based on STRIDE, and is available as both a desktop application and a web application.
ThreatModeler
An enterprise-level automated threat modeling tool with a wide range of integration and collaboration features. It uses predefined templates and libraries to accelerate the threat modeling process.
IriusRisk
A threat modeling platform that integrates with DevSecOps pipelines. It provides automated threat generation, risk assessment, and mitigation planning, offers collaborative features for teams, and integrates with various CI/CD tools.
SecuriCAD
A simulation-based threat modeling tool that lets users simulate different attack scenarios and assess their impact. It provides actionable insights and recommendations for improving security.
TRIKE
An open-source threat modeling methodology and tool. It focuses on risk management, uses a risk-based approach to identify and mitigate threats, and provides a structured framework for threat modeling and risk assessment.