Skip to main content

What is threat modeling?

FAQ resource for your migration project.

FAQ resource for What is threat modeling?.

Answer

Threat modeling is a structured exercise to identify potential threats, attack vectors, and weaknesses in a system before they are exploited, ideally during design. Teams map data flows and trust boundaries, then enumerate threats using frameworks like STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege) and decide on mitigations. Doing it early is far cheaper than fixing vulnerabilities after deployment and helps prioritize security effort where it matters most.