Threat Modelling & Risk Management

Identifying potential threats before writing a single line of code.

STRIDE Methodology

Spoofing

Pretending to be something/someone else.

Tampering

Modifying data or code.

Repudiation

Claiming not to have performed an action.

Information Disclosure

Exposing data to unauthorized users.

Denial of Service

Preventing valid access to resources.

Elevation of Privilege

Gaining higher access rights than authorized.

Risk Management

Not all vulnerabilities need to be fixed immediately. Risk management involves assessing the Likelihood and Impact of a threat to prioritize remediation efforts based on business context.