Subsection 01.D · Find threats before attackers do

Threat Modeling

Six methodologies, one decision matrix, one hands-on lab with the MITRE ATT&CK navigator. Threat modeling is the discipline of asking what could go wrong with this system before the system goes wrong.

6 Methodologies · 1 Chooser · 1 Hands-on lab

A threat model is a structured walk through a system that lists the plausible attacks, the assets at risk, and the controls in place — ideally before the system ships. Done well, threat modeling catches in a meeting what you'd otherwise find in a post-mortem.

There is no single "right" methodology. STRIDE is great for technical architecture; PASTA is great for risk-driven business systems; LINDDUN is the answer for privacy; OCTAVE/VAST scale to whole organizations. The skill is knowing which model fits the system you're modeling, and applying it without ceremony.

01.D.A

The methodologies

01.D.01
STRIDE
Microsoft's threat taxonomy. Six categories — Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege — mapped to a data-flow diagram. The most widely used technical threat model.
Live
01.D.02
DREAD
Microsoft's quantitative risk ranking: Damage, Reproducibility, Exploitability, Affected users, Discoverability. Each factor is rated 1–10; the sum gives a comparable score. Useful and controversial.
Live
01.D.03
PASTA
Process for Attack Simulation and Threat Analysis — a 7-stage, risk-centric methodology that ties technical threats back to business impact. The choice when stakeholders include the CFO.
Live
01.D.04
LINDDUN
Privacy-focused threat modeling from KU Leuven. Linkability, Identifiability, Non-repudiation, Detectability, Disclosure, Unawareness, Non-compliance. The model when GDPR is in scope.
Live
01.D.05
Attack Trees
Schneier's classic. Goal at the root; attack methods as branches; sub-attacks as sub-branches. AND/OR logic at each node. Reads like a recipe; powerful for capturing chained attacks.
Live
01.D.06
OCTAVE & VAST
Two organization-scale models: OCTAVE (CERT/CMU, asset-driven, exhaustive) and VAST (visual, agile, simple, scales across CI/CD pipelines). The choice when one application doesn't capture the scope.
Live
01.D.B

Picking one

01.D.07
Choosing a methodology
Decision matrix mapping system shape (web app, SaaS product, mobile, enterprise platform), team size, regulatory drivers, and stakeholder mix to the model that fits. With shortcuts for "no time, just give me something."
Live
01.D.C

Hands-on lab

LAB
MITRE ATT&CK Navigator
Use the ATT&CK matrix as a threat catalog. Walk through tactics → techniques → sub-techniques. Map a scenario to the matrix; identify detection gaps; export a layer file the way blue teams use it in practice.
Lab