What is Threat Modeling?

A structured process to identify, enumerate, and prioritize the ways an attacker could compromise a system.

Full explanation

Threat modeling happens early in design. Popular methodologies include STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege), PASTA (process-centric), and LINDDUN (privacy-focused). The output is a threat model document listing assets, threats, mitigations, and residual risk. For AI features, MITRE ATLAS provides an AI-specific threat framework.

Example

Before launching a payment feature, the team runs STRIDE: 'what if the attacker could spoof the user? tamper with the amount? repudiate the transaction?' — each answer becomes a security requirement.
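The STRIDE pass described above, as an added example that is not part of the original page: a constructed data flow model of a payment feature is run through the STRIDE-per-element chart, and each applicable category becomes a question the team must answer with a requirement. The element names, the question wording and the `enumerate_threats` helper are assumptions made for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: which threat categories apply to each DFD element type.
# S=Spoofing T=Tampering R=Repudiation I=Info disclosure D=Denial of service E=Elevation
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",  # Repudiation is added below when the store holds logs
    "data_flow": "TID",
}

QUESTION = {
    "S": "How is the identity of {n} authenticated?",
    "T": "How is unauthorized modification of {n} prevented or detected?",
    "R": "What evidence proves an action by or on {n} took place?",
    "I": "Who can read {n}, and is it protected in transit and at rest?",
    "D": "What happens when {n} is flooded or unavailable?",
    "E": "Can {n} be driven to act with more privilege than intended?",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    holds_logs: bool = False
    crosses_boundary: bool = False  # crosses a trust boundary, so review it first

# Constructed model of the payment feature (names are illustrative).
PAYMENT_MODEL = [
    Element("customer browser", "external_entity"),
    Element("payment request (amount, payee)", "data_flow", crosses_boundary=True),
    Element("payment API", "process"),
    Element("transaction ledger", "data_store", holds_logs=True),
]

def enumerate_threats(model):
    """Return (element, category, question) rows, trust-boundary crossings first."""
    rows = []
    for el in sorted(model, key=lambda e: not e.crosses_boundary):
        cats = APPLICABLE[el.kind]
        if el.kind == "data_store" and el.holds_logs:
            cats = "TRID"
        for c in cats:
            rows.append((el.name, c, QUESTION[c].format(n=el.name)))
    return rows

if __name__ == "__main__":
    for name, cat, q in enumerate_threats(PAYMENT_MODEL):
        print(f"[{cat}] {q}")
```

Each printed row is one line item for the threat model document; the team records a mitigation or an accepted residual risk against it.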

FAQ

Is threat modeling a one-time exercise?

No. Re-run it whenever the architecture or the threat landscape changes significantly.