Everable | Blog | A comprehensive guide to threat modelling

A comprehensive guide to threat modelling

  • 6 min read
  • July 10th, 2022

Cybersecurity has become a top concern in today's fast-paced IT world with the steep rise in hacking incidents: 30,000 hacked websites a day. As a result, businesses are looking for the best security practices to keep confidential data safe. This is why threat modelling is gaining popularity in the cybersecurity landscape.

Widely regarded as one of the standard security methods, threat modelling is a way to detect and understand security threats while protecting valuable information and assets. Organizations can implement threat modelling at any phase of the software development process, from start to finish.

Read this all-inclusive guide to learn the following:

  • What is threat modelling?
  • Threat modelling process
  • Benefits of threat modelling
  • Threat modelling methodologies
  • Threat modelling in your DevSecOps culture

The Basics of Threat Modeling

If you're interested in a guide to threat modeling then this course will interest you! You'll learn how to apply STRIDE to identify potential threats in your applications.

What is Threat Modeling?

Securing confidential information has become more critical than ever with new security threats in the cyber ecosystem. According to Cisco," The number of DDoS attacks is expected to reach 15.4 million by 2023."

While no network or system is immune to attacks, a robust and efficient security model is essential to reduce the risk of cyber breaches. The sudden need for network security has made threat modelling quite popular in the digital landscape. It's a way of identifying threats, analyzing vulnerabilities, and developing countermeasures to prevent cyber-attacks, thus optimizing network security.

Implementing threat modelling at the start of the software development process is recommended. This way, you can identify and solve threats before they become an issue.

Threat Modeling Process

Threat modelling is a continuous process of identifying threats, analyzing vulnerabilities, and taking actions to prevent or mitigate cyber attacks.

The threat modelling process mainly involves four steps:

  • Identifying assets: Before you start identifying threats, you need to identify valuable assets containing sensitive information using a digital footprint—a map of your entire attack surface.
  • Identifying threats: After discovering valuable assets, identify the type of threat, whether internal or external. Also, know the purpose of the threat, whether it's data access or a security breach.
  • Analyzing vulnerabilities: The next step is thoroughly investigating each vulnerability to develop the most effective mitigation plan.
  • Threat countermeasure: After identifying all threats and vulnerabilities, implement countermeasures to prevent cyber attacks.

Benefits of Threat Modeling

With the constantly evolving new attack surfaces and security threats, many organizations face a tough time fighting against them.

Threat modelling allows organizations to identify security loopholes early in the software development process and prevent them by implementing secure coding practices. Here are some of the significant benefits of threat modelling:

  • Identifies single points of failure: Threat modelling not only discovers vulnerabilities in software but also prevents cyber attackers from taking advantage of a single point of failure in a system.
  • Prioritizes thread: Threat modelling helps organizations identify threats that need attention.
  • Improves the organization's security posture: Threat modelling examines every part of a system or software. Measuring your security controls' effectiveness to monitor security programs can improve the overall organization's security posture.


Threat Modeling Methodologies

Did you know that 95% of cybersecurity breaches are due to human error?

Security threats can be due to both internal and external sources. Whatever the source, a security threat can result in substantial financial, reputational, and customer losses. Businesses adopt threat modelling as a standard security process to identify and resolve potential cybersecurity risks before they become significant problems.

Multiple threat modelling methodologies and techniques can help organizations find threats. However, practically every method varies in quality and consistency.

Let's dig a bit deeper to understand various threat modelling methodologies better.

STRIDE: Developed by Microsoft, STRIDE is one of the best threat models to find threats in a system. STRIDE is an acronym for different security threats:

  • Spoofing: An intruder pretends to be a trusted contact or source.
  • Tampering: Attackers modify the system or data to achieve a malicious goal.
  • Repudiation: When a system doesn't track or monitor threat incidents.
  • Information disclosure: Confidential information is leaked or exposed to an unauthorized person.
  • Denial of Service (DoS): Shutting down network or components to prevent legitimate use.
  • Elevation of Privilege: An unauthorized person executes commands and functions.

DREAD: Some popular organizations like OpenStack use the DREAD model. It's a way to rank and evaluate security threats in five different categories:

  • Damage potential: How worse would the extent of damage be?
  • Reproducibility: How easy is it to reproduce a cyber attack?
  • Exploitability: How much work and effort is needed to undertake the attack?:
  • Affected users: How many users will be affected?
  • Discoverability: How easy is it to identify the threat?

PASTA: PASTA is an acronym for Process for Attack Simulation and Threat Analysis. It is a seven-step attacker-centric approach that identifies, counts, and ranks threats. The PASTA model works on seven simple steps.

  1. Determine business goals
  2. Define the technical scope
  3. Decompose the application
  4. Analyze the threat
  5. Vulnerability analysis
  6. Attack enumeration
  7. Risk and impact analysis

Trike: Trike is a security auditing framework that uses the threat model as a risk management tool. The trike model uses DFD (data flow diagram) to illustrate data flow in an implementation model so that users can implement the same within a system.

VAST: VAST is short for Visual, Agile, and Simple Threat modelling. It provides actionable outputs as per the needs of software developers and cybersecurity experts. It allows the security teams to evaluate architectural and operational threats.

Attack tree: The attack tree is one of the oldest and most popular threat modelling methodologies. It is a conceptual diagram illustrating how attacks can occur in a system.

CVSS: Developed by NIS, CVSS stands for The Common Vulnerability Scoring System. It is a method to assign a score (ranging from 0 to 10, with ten being the worst) to all network vulnerabilities.

OCTAVE stands for the Operationally Critical Threat, Asset, and Vulnerability Evaluation. This model mainly addresses organizational risks, not technological risks.

Threat Modeling in your DevSecOps Culture

DevSecOps is the process of integrating security practices at every phase of the software development life cycle. Implementing DevSecOps in your workflow reduces the chances of security vulnerabilities. It makes software delivery faster and easier.

In addition, implementing threat modelling in your DevSecOps culture will promote security awareness and help your security team better understand the security issues.

Moreover, it allows you to discover and defend against the most severe threats.

Learn about DevSecOps, by clicking here:

Start Course


Your business is still vulnerable to security threats even if you have the best IT equipment, security systems, and antivirus. Even a minor security bug can shut down your business operations.

Be proactive and implement threat modelling as a risk assessment and management tool for security threats. It can do wonders for your organisation if executed correctly and frequently.