Threat Modeling

# Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment using STRIDE, PASTA, attack trees, and security requirement extraction.

## Description

USE WHEN:
- Designing new systems or features (secure-by-design)
- Reviewing architecture for security gaps
- Preparing for security audits
- Identifying attack vectors and threat actors
- Prioritizing security investments
- Creating security documentation
- Training teams on security thinking

DON'T USE WHEN:
- Lack scope or authorization for security review
- Need legal compliance certification (consult legal)
- Only need automated scanning (use vulnerability-scanner)

---

## Core Process

### 1. Define Scope
- System boundaries
- Assets to protect
- Trust boundaries
- Regulatory requirements

### 2. Create Data Flow Diagram
```
[User] → [Web App] → [API Gateway] → [Backend] → [Database]
                ↓
          [External API]
```

### 3. Identify Assets & Entry Points
- **Assets**: User data, credentials, business logic, infrastructure
- **Entry Points**: APIs, forms, file uploads, admin panels

### 4. Apply STRIDE
- **S**poofing: Can someone impersonate?
- **T**ampering: Can data be modified?
- **R**epudiation: Can actions be denied?
- **I**nformation Disclosure: Can data leak?
- **D**enial of Service: Can availability be affected?
- **E**levation of Privilege: Can access be escalated?

### 5. Build Attack Trees
```
Goal: Access Admin Panel
├── Steal admin credentials
│   ├── Phishing
│   ├── Brute force
│   └── Session hijacking
├── Exploit vulnerability
│   ├── SQL injection
│   └── Auth bypass
└── Social engineering
    └── Support desk compromise
```

### 6. Score & Prioritize
Use DREAD or CVSS:
- **D**amage potential
- **R**eproducibility
- **E**xploitability
- **A**ffected users
- **D**iscoverability

### 7. Design Mitigations
Map threats to controls and validate coverage.

### 8. Document Residual Risks
What's accepted vs. mitigated.

---

## STRIDE...