Find design flaws before an attacker does. Draw a data flow diagram of a real system, mark its trust boundaries, walk it with STRIDE and PASTA, rate what you find, and turn every threat into a tracked control and a pipeline check.
Before you start
This is a concepts-and-method course — no setup required beyond a place to draw diagrams. It pairs naturally with the Web Application Security course, which shows how the threats you model actually work.
Why Threat Model?
Threat modeling is structured worry: what are we building, what can go wrong, what will we do about it, and did we do a good job. Learn when to do it and the four-question frame that drives the rest.
Draw the System: Data Flow Diagrams
You cannot find threats in a system you cannot see. Learn to draw a data flow diagram with the four DFD elements and — the part that matters — mark the trust boundaries where threats concentrate.
Find Threats with STRIDE
STRIDE turns "what can go wrong?" into a checklist. Walk each element of your diagram against six threat categories — Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege.
PASTA, Attack Trees & Attack Surface
STRIDE finds threats bottom-up from a diagram; PASTA works top-down from business risk, and attack trees decompose a single goal. Learn when each fits and how to map the full attack surface.
Rate, Prioritize & Ship the Fixes
A list of 50 threats helps no one. Rate each by likelihood and impact, prioritize ruthlessly, turn each into a tracked control, and wire the high-value checks into your pipeline so the fix stays fixed.