Security DesignMedium

Threat Modeling

A structured approach to identifying, analyzing, and mitigating potential threats to a system

Content

What is Threat Modeling?

Threat Modeling helps teams proactively identify where a system could be attacked and plan countermeasures. It’s typically done during the design phase but can be revisited continuously.

Key Steps

Identify assets and users
Define system architecture
List threats and vulnerabilities
Prioritize risks
Document and fix weaknesses

Best Practices

Involve cross-functional teams
Model early and update often
Choose a methodology that suits the project
Don’t just list — mitigate

Quick Facts

Severity Level

7/10

Goal

Think like an attacker

When

During system design

Methodologies

STRIDE, PASTA, DREAD

Example

Mapping how data flows and where it’s at risk

Related Terms

Risk Assessment

Analyzes risks, often using threat models

Attack Surface

All the ways a system can be attacked

STRIDE

A popular threat modeling framework

Learn More

Threat Modeling for Developers OWASP Threat Modeling Cheat Sheet