STRIDE Threat Categories

Letter	Threat	Violated Property	Example	Mitigation
S	Spoofing	Authentication	Forging identity, IP spoofing	Strong auth, MFA, certificates
T	Tampering	Integrity	Modifying data in transit or at rest	Digital signatures, HMAC, TLS
R	Repudiation	Non-repudiation	Denying action was taken	Audit logs, digital signatures
I	Information Disclosure	Confidentiality	Data leaks, verbose errors	Encryption, access control, error handling
D	Denial of Service	Availability	DDoS, resource exhaustion	Rate limiting, auto-scaling, CDN
E	Elevation of Privilege	Authorization	SQL injection to admin, buffer overflow	Least privilege, input validation

Threat Modeling Process

Step	Activity	Output
1. Scope	Define what you're modeling (app, feature, system)	Scope document
2. Decompose	Create data flow diagram (DFD): processes, data stores, external entities, flows, trust boundaries	DFD diagram
3. Identify Threats	Apply STRIDE to each DFD element	Threat list
4. Rate Threats	Score using CVSS or DREAD; prioritize by risk	Risk-rated threat list
5. Mitigate	Design controls for each threat	Security requirements, design changes
6. Validate	Review mitigations, update model when design changes	Updated threat model

Factor	Question	Score (1–10)
Damage	How bad is the damage if exploited?	1=minimal, 10=catastrophic
Reproducibility	How easy to reproduce the attack?	1=hard, 10=trivial
Exploitability	How much skill/tools needed?	1=expert, 10=no skill
Affected Users	How many users impacted?	1=one, 10=all
Discoverability	How easy to find the vulnerability?	1=difficult, 10=obvious

Tool	Type	Notes
Microsoft Threat Modeling Tool	Desktop	Free, STRIDE-based, generates reports
OWASP Threat Dragon	Web/Desktop	Open-source, DFD-based
IriusRisk	Enterprise	Automated, integrates with JIRA/CD
Lucidchart / draw.io	Diagramming	Manual DFD creation
pytm	Code-as-model	Python, generate DFDs from code