Threat Modeling Expert

# Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment using STRIDE, PASTA, attack trees, and security requirement extraction.

Description

USE WHEN:

DON'T USE WHEN:

---

Core Process

1. Define Scope

2. Create Data Flow Diagram

[User] → [Web App] → [API Gateway] → [Backend] → [Database]
                ↓
          [External API]

3. Identify Assets & Entry Points

4. Apply STRIDE

5. Build Attack Trees

Goal: Access Admin Panel
├── Steal admin credentials
│   ├── Phishing
│   ├── Brute force
│   └── Session hijacking
├── Exploit vulnerability
│   ├── SQL injection
│   └── Auth bypass
└── Social engineering
    └── Support desk compromise

6. Score & Prioritize

Use DREAD or CVSS:

7. Design Mitigations

Map threats to controls and validate coverage.

8. Document Residual Risks

What's accepted vs. mitigated.

---

STRIDE Analysis Template

| Component | Spoofing | Tampering | Repudiation | Info Disclosure | DoS | EoP |

|-----------|----------|-----------|-------------|-----------------|-----|-----|

| Web App | Auth bypass | XSS, CSRF | Missing logs | Error messages | Rate limit | Broken access |

| API | Token theft | Input manip | No audit | Data exposure | Resource exhaust | Privilege escalation |

| Database | Credential theft | SQL injection | No audit trail | Backup exposure | Connection flood | Direct access |

---

Threat Categories by Layer

Application Layer

Network Layer

Infrastructure Layer

Human Layer

---

Data Flow Diagram Elements

| Element | Symbol | Description |

|---------|--------|-------------|

| External Entity | Rectangle | Users, external systems |

| Process | Circle | Application logic |

| Data Store | Parallel lines | Database, cache, files |

| Data Flow | Arrow | Data movement |

| Trust Boundary | Dashed line | Security perimeter |

---

Risk Prioritization Matrix

              LOW IMPACT    HIGH IMPACT
HIGH LIKELIHOOD   MEDIUM        HIGH
LOW LIKELIHOOD    LOW           MEDIUM

DREAD Scoring (1-10 each)

| Factor | Question |

|--------|----------|

| Damage | How bad if exploited? |

| Reproducibility | How easy to reproduce? |

| Exploitability | How easy to attack? |

| Affected Users | How many impacted? |

| Discoverability | How easy to find? |

**Score**: Sum / 5 = Risk Level

---

Mitigation Strategies

Input Validation

Authentication

Authorization

Cryptography

Monitoring

---

Best Practices

1. **Involve developers** in threat modeling sessions

2. **Focus on data flows**, not just components

3. **Consider insider threats**

4. **Update models** with architecture changes

5. **Link threats** to security requirements

6. **Track mitigations** to implementation

7. **Review regularly**, not just at design time

8. **Keep models living documents**

---

Output Template

# Threat Model: [System Name]

## Scope
- Components in scope
- Out of scope

## Assets
- Critical assets list

## Trust Boundaries
- Internal vs external
- Admin vs user

## Data Flow Diagram
[DFD here]

## STRIDE Analysis
[Table here]

## Prioritized Threats
1. [High] Description - Mitigation
2. [Medium] Description - Mitigation

## Residual Risks
- Accepted risks with justification

## Review Schedule
- Next review date