Threat modelling

Threat modelling links

  • An introduction to approachable threat modeling: One of favourite articles on this topic in quite awhile. It boils it down using an architecture diagram and understanding use flows and considers principals (who are the users (people, or other programs)), goals (what does the system do), adversities (what bad things can happen), and invariants (what always needs to be true about the system so that it can make progress)



I saved the pdf above from SANS here for posterity …