FAQ resource for What is threat modeling?.
Answer
Threat modeling is a structured exercise to identify potential threats, attack vectors, and weaknesses in a system before they are exploited, ideally during design. Teams map data flows and trust boundaries, then enumerate threats using frameworks like STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege) and decide on mitigations. Doing it early is far cheaper than fixing vulnerabilities after deployment and helps prioritize security effort where it matters most.