Threat Modeling
1. Introduction to Threat Modeling
2. The Threat Modeling Process Overview
3. System Decomposition and Modeling
4. Threat Identification and Enumeration
5. Threat Analysis and Risk Assessment
6. Validation and Verification
7. Integrating Threat Modeling into the Development Lifecycle
8. Domain-Specific Threat Modeling
9. Tooling and Automation
10. Scaling a Threat Modeling Program
Threat Identification and Enumeration
Threat Identification Methodologies
Attacker-Centric Approaches
Adversary Profiles
Attack Vectors
Asset-Centric Approaches
Asset Value Assessment
Asset Exposure Analysis
Software-Centric Approaches
Vulnerability Analysis
Component Mapping
The STRIDE Framework
Spoofing Identity
Authentication Weaknesses
Impersonation Attacks
Tampering with Data
Data Integrity Violations
Unauthorized Modifications
Repudiation
Lack of Audit Trails
Non-Repudiation Mechanisms
Information Disclosure
Data Leakage
Privacy Violations
Denial of Service
Resource Exhaustion
Service Disruption
Elevation of Privilege
Privilege Escalation
Bypass of Authorization
Other Threat Enumeration Frameworks
PASTA
Attack Simulation
Threat Analysis Steps
LINDDUN
Privacy Threats
Mapping to DFDs
TRIKE
Risk Management Focus
Asset and Actor Modeling
OCTAVE
Organizational Risk Assessment
Asset-Driven Analysis
Using Attack Trees
Defining a Root Goal
Decomposing into Sub-Goals
Identifying Leaf Nodes
AND/OR Conditions
Visualizing Attack Paths
Threat Libraries and Knowledge Bases
CAPEC
Attack Pattern Catalog
Usage in Threat Modeling
MITRE ATT&CK Framework
Tactics and Techniques
Mapping to Real-World Attacks