6
Threat Modeling
Threat modeling systematically identifies and evaluates potential security threats and vulnerabilities in a software application, system, or network. It is a proactive security technique used to understand and address security risks during the design and development stages. Threat modeling aims to reduce the likelihood and impact of security breaches by identifying and mitigating potential threats early in the development process.
In this chapter, we’re going to cover threat modeling by looking at the following main topics:
- Threat model overview
- STRIDE
- DREAD
- Attack trees
- Mitigations
- Microsoft threat modeling
- Example of the enterprise threat model
By the end of this chapter, you will understand how and why we use threat models. ...