Interactive Threat Modeling

Explore different methodologies for identifying, evaluating, and mitigating security threats in system design.

STRIDE Threat Model Example

This is a simplified Data Flow Diagram (DFD) for a User Authentication Service. In the interactive version of this page, selecting a component (the User, the Web App, or the Database) shows the potential threats for that component based on the STRIDE methodology.

DFD components: User, Web App, Database.
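The following is an added example, not code from the original page, showing how the STRIDE pass over this three-component DFD can be made mechanical. It applies the widely used STRIDE-per-element chart (assumed here; the page does not say which mapping its interactive diagram uses): external entities get Spoofing and Repudiation, processes get all six categories, data stores get Tampering, Repudiation, Information disclosure and Denial of service, and data flows get Tampering, Information disclosure and Denial of service. The trust zones ("internet", "dmz", "internal") and flow names are constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    EXTERNAL_ENTITY = "external entity"   # e.g. the User
    PROCESS = "process"                   # e.g. the Web App
    DATA_STORE = "data store"             # e.g. the Database
    DATA_FLOW = "data flow"               # an arrow between two elements


STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element: which categories are normally considered for each element type.
# Assumption: the common STRIDE-per-element chart; the page does not state its mapping.
APPLICABLE = {
    Kind.EXTERNAL_ENTITY: "SR",
    Kind.PROCESS: "STRIDE",
    Kind.DATA_STORE: "TRID",
    Kind.DATA_FLOW: "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: Kind
    zone: str          # trust zone the element lives in (constructed labels)


@dataclass(frozen=True)
class Flow:
    name: str
    source: Element
    dest: Element

    def crosses_boundary(self) -> bool:
        # A flow between two trust zones crosses a trust boundary and gets its own
        # threat entries; traffic that stays inside one zone is lower priority.
        return self.source.zone != self.dest.zone


def threats_for(element: Element) -> list:
    return [STRIDE[c] for c in APPLICABLE[element.kind]]


def threats_for_flow(flow: Flow) -> list:
    return [STRIDE[c] for c in APPLICABLE[Kind.DATA_FLOW]]


def enumerate_threats(elements, flows) -> dict:
    """Build the threat list a STRIDE pass over the DFD produces: the applicable
    categories for every element, plus every boundary-crossing data flow."""
    table = {}
    for e in elements:
        table[e.name] = threats_for(e)
    for f in flows:
        if f.crosses_boundary():
            table[f.name] = threats_for_flow(f)
    return table


def build_auth_service_dfd():
    # Constructed to match the page's diagram: User -> Web App -> Database.
    user = Element("User", Kind.EXTERNAL_ENTITY, zone="internet")
    web = Element("Web App", Kind.PROCESS, zone="dmz")
    db = Element("Database", Kind.DATA_STORE, zone="internal")
    flows = [
        Flow("login request (User -> Web App)", user, web),
        Flow("user lookup (Web App -> Database)", web, db),
    ]
    return [user, web, db], flows


if __name__ == "__main__":
    elements, flows = build_auth_service_dfd()
    for name, categories in enumerate_threats(elements, flows).items():
        print(f"{name}:")
        for category in categories:
            print(f"  - {category}")
```

Each (element, category) pair is a prompt for the brainstorming the page describes, e.g. "Spoofing of the User" leads to questions about credential strength and MFA, while "Information disclosure on the Web App -> Database flow" leads to questions about TLS between the tiers.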

PASTA Threat Model Example

PASTA (Process for Attack Simulation and Threat Analysis) is a risk-centric methodology that aligns business objectives with security requirements. It involves seven stages to provide a deeper, attacker-centric view of threats.

Stage I: Define Business Objectives

Identify the primary goals of the application. For our User Authentication Service, objectives are: Securely authenticate users, protect Personally Identifiable Information (PII), and maintain 99.9% uptime.

Stage II: Define the Technical Scope

Map out the technologies in use: A React frontend, a Node.js backend API, a PostgreSQL database, all hosted on AWS. Data flows over HTTPS.

Stage III: Application Decomposition

Break down the application into its core components and trust boundaries, similar to the DFD in the STRIDE example. Identify entry points (login forms, API endpoints) and data stores (user database, session store).

Stage IV: Threat Analysis

Analyze known vulnerabilities and threat intelligence relevant to the tech stack (e.g., known Node.js library vulnerabilities, common attacks against PostgreSQL).

Stage V: Vulnerability & Weakness Analysis

Correlate application components with known threats. For example, identify a lack of rate limiting on the login endpoint (a weakness) and correlate it with the threat of credential stuffing (from Stage IV).

Stage VI: Attack Modeling

Simulate attacks based on the vulnerabilities identified. Create an attack tree for an attacker to achieve the goal of "Steal User Credentials". This might involve exploiting a SQL injection flaw found in Stage V.

Stage VII: Risk & Impact Analysis

Calculate the business impact of a successful attack. A credential stuffing attack could lead to account takeovers, resulting in reputational damage and financial loss. The impact of a PII breach would be high due to regulatory fines (e.g., GDPR). This stage helps prioritize which threats to fix first based on business risk.
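The following is an added example, not code from the original page, that carries Stages V to VII through for the scenario above: the attack tree for "Steal User Credentials" is built from the two weaknesses the page names (no rate limiting on the login endpoint, a SQL injection flaw in the login path), each branch carries the business impact from Stage VII, and the evaluator shows which paths a given fix closes. The tree structure, leaf wording and impact strings are constructed for the example; OR nodes succeed when any child does, AND nodes only when every child does.

```python
import copy
from dataclasses import dataclass, field


@dataclass
class Node:
    goal: str
    gate: str = "OR"                     # "OR": any child suffices; "AND": every child is needed
    children: list = field(default_factory=list)
    mitigated: bool = False              # leaves only: True once a control blocks this step
    impact: str = ""                     # Stage VII: business impact if this branch succeeds


def leaves(node):
    if not node.children:
        return [node]
    return [leaf for child in node.children for leaf in leaves(child)]


def open_paths(node):
    """Every combination of unmitigated leaf steps that still reaches this node's goal."""
    if not node.children:
        return [] if node.mitigated else [[node.goal]]
    if node.gate == "OR":
        return [path for child in node.children for path in open_paths(child)]
    # AND gate: a path must include a path through every child.
    paths = [[]]
    for child in node.children:
        child_paths = open_paths(child)
        if not child_paths:               # one blocked child blocks the whole AND branch
            return []
        paths = [p + q for p in paths for q in child_paths]
    return paths


def achievable(node):
    return bool(open_paths(node))


def apply_fixes(tree, fixed_goals):
    """Return a copy of the tree with the named leaf steps marked as mitigated,
    so candidate fixes can be compared without touching the original model."""
    trial = copy.deepcopy(tree)
    for leaf in leaves(trial):
        if leaf.goal in fixed_goals:
            leaf.mitigated = True
    return trial


def open_impacts(tree):
    """Business impacts (Stage VII) of the branches that are still achievable."""
    return [child.impact for child in tree.children if achievable(child) and child.impact]


def build_tree():
    # Constructed from the page's scenario: credential stuffing enabled by a login
    # endpoint without rate limiting, and a SQL injection flaw in the login query.
    return Node("Steal user credentials", "OR", [
        Node("Credential stuffing", "AND", [
            Node("Attacker holds a leaked username/password list"),
            Node("Login endpoint has no rate limiting"),
        ], impact="account takeover: reputational damage and financial loss"),
        Node("Exploit SQL injection in the login query", "AND", [
            Node("Login query is built by string concatenation"),
            Node("Application DB account can read the whole users table"),
        ], impact="PII breach: regulatory fines (GDPR)"),
    ])


if __name__ == "__main__":
    tree = build_tree()
    print("open paths before fixes:", open_paths(tree))
    only_rate_limit = apply_fixes(tree, {"Login endpoint has no rate limiting"})
    print("after rate limiting, still open:", open_paths(only_rate_limit))
    print("impacts still on the table:", open_impacts(only_rate_limit))
    both = apply_fixes(only_rate_limit, {"Login query is built by string concatenation"})
    print("after both fixes, goal achievable:", achievable(both))
```

Running it shows the prioritisation point of Stage VII directly: adding rate limiting closes the credential-stuffing path but leaves the PII-breach path (and its GDPR exposure) open, so the SQL injection fix cannot wait for the next release. The leaf the defender does not control (the leaked password list) is kept in the tree deliberately, because it is the AND with the rate-limiting leaf that makes the controllable fix sufficient.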

Choosing the Right Methodology

Different methodologies excel in different contexts. Here’s a comparison to help you decide which approach is best for your needs.

STRIDE

A mnemonic-based approach focused on identifying common software security threats.

Best for: Developer-focused, systematic brainstorming. Great for initial analysis of applications and identifying a broad range of common vulnerabilities.

PASTA

A seven-stage, risk-centric methodology that aligns security with business objectives.

Best for: Mature organizations or critical applications where aligning security effort with business impact is key. It is comprehensive but more time-intensive.

VAST

A methodology focused on integrating threat modeling into Agile and DevOps pipelines.

Best for: Teams practicing CI/CD and DevOps. It provides actionable outputs for developers and scales across an organization.

LINDDUN

A privacy-focused methodology that identifies privacy-specific threats.

Best for: Applications that handle Personally Identifiable Information (PII) or need to comply with privacy regulations like GDPR or CCPA.

Attack Trees

A visual method of breaking down an attacker's goal into smaller, achievable steps.

Best for: Deep-diving into specific, high-risk threats. Excellent for visualizing complex attack paths and identifying potential mitigation points.

DREAD

A risk-rating model used to prioritize threats (Damage, Reproducibility, Exploitability, Affected users, Discoverability).

Best for: Quickly ranking and prioritizing threats found using another methodology like STRIDE. It's less of a full methodology and more of a prioritization tool.
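The following is an added example, not code from the original page, that shows DREAD used the way this section describes: as a prioritisation tool applied to threats that another methodology (here STRIDE, for the authentication service above) has already found. It assumes the classic scale of 1 (low) to 10 (high) per factor with the risk score as the plain average, and the severity bands are assumed cut-offs; the page gives neither. The three threats and their ratings are constructed for the example.

```python
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class Dread:
    """One DREAD rating. Assumption: each factor is scored 1 (low) to 10 (high) and
    the risk score is the average of the five; the page states no scale."""
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        for f in fields(self):
            value = getattr(self, f.name)
            if not 1 <= value <= 10:
                raise ValueError(f"{f.name} must be between 1 and 10, got {value}")

    def score(self) -> float:
        return sum(getattr(self, f.name) for f in fields(self)) / 5


def band(score: float) -> str:
    # Assumed thresholds; a team picks its own cut-offs.
    if score >= 8:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def prioritize(threats: dict) -> list:
    """threats: {name: (stride_category, Dread)} -> rows of
    (name, category, score, band), highest risk first.  sorted() is stable, so
    equal scores keep the caller's order and the result is deterministic."""
    rows = [(name, category, d.score(), band(d.score()))
            for name, (category, d) in threats.items()]
    return sorted(rows, key=lambda row: row[2], reverse=True)


def example_threats() -> dict:
    # Constructed ratings for threats drawn from the page's authentication service example.
    return {
        "Credential stuffing against the login endpoint (no rate limiting)":
            ("Spoofing", Dread(7, 9, 8, 6, 9)),
        "SQL injection in the login query exposes the users table":
            ("Information disclosure", Dread(9, 8, 6, 10, 7)),
        "Login endpoint flooded, breaking the 99.9% uptime objective":
            ("Denial of service", Dread(3, 5, 5, 8, 6)),
    }


if __name__ == "__main__":
    for name, category, score, severity in prioritize(example_threats()):
        print(f"{score:4.1f}  {severity:8}  [{category}] {name}")
```

The constructor rejects out-of-range factors so a typo in a spreadsheet export cannot silently pull a threat up or down the list. Discoverability is the factor most often dropped in practice (it rewards security through obscurity); removing it from the dataclass changes the divisor in `score()` to 4 and nothing else.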