What is Threat Modelling?
Threat modeling is a process of identifying all possible threats to a system so that they can be categorized and analyzed. It's a proactive approach to a system security. Essentially, you are trying to identify and fix the vulnerability before adversaries can exploit them. There are two broad categories:
STRIDE Method (Developed by Microsoft):
S - Spoofing - Attacker trying to gain the access by falsified methods
T - Tampering - Any action resulting in unauthorized changes of the data either in transit of storage.
R - Repudiation - The ability of user or attacker to deny the activity.
I - Information Disclosure - Revelation of private, confidential or controlled information to external and unauthorized sources.
D - Denial of Service - An attack to prevent the authorized use of the resource.
E - Elevation of Privilege - An attack where a limited user account is transformed into a higher privileged account.