threat-modeling

Analyze the attack surface to identify exposed components, entry points, and potential attack vectors.

Quantify organizational risk from identified threats using likelihood, impact, and risk scoring methodologies.

Identify and document trust boundaries in the architecture, showing where privilege levels, security contexts, or threat models change.

Conduct comprehensive threat modeling using STRIDE, attack trees, and risk scoring on a system design or architecture.

Design abuse cases (negative use cases) showing how attackers misuse system features. Use when identifying attacks that exploit intended functionality or business logic flaws.

Create a comprehensive inventory of assets (data, systems, infrastructure, people) and their criticality, value, and dependencies. Use when prioritizing threats and allocating security resources.

Build hierarchical attack trees showing how attackers decompose goals into sub-goals and exploits. Use when analyzing attack paths, prioritizing security investments, or assessing attacker effort and cost.

Create and analyze DFDs (Data Flow Diagrams) with security focus, identifying data flows across trust boundaries, storage, and processing points. Use when modeling system architecture for threat analysis.

Quantify risk using likelihood and impact, apply severity ratings, and prioritize mitigations. Use when prioritizing threats, allocating security budget, and communicating risk to leadership.