ID: I202512091545
Status: idea
Tags: Security, diagram
Threat Modelling Process
You can choose different apps for this. The two best-known apps are:
These two tools take different approaches, but the modelling works the same way. With OWASP Threat Dragon you have to define all possible threats yourself, whilst Microsoft threat modeling service assumes you failed at everything and your code will be vulnerable to everything. Both approaches are okay; which one fits depends on what you want. The second one is not available for Linux.
Designing
With threat modelling, you make something similar to a C4 diagram at the container level. You look at every container and at the communication between them, and you draw trust lines between systems. You could also draw these between your dependencies or internal processes that are made by other teams, but you don’t need to.
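
An added example, not part of the original note: a small Python model of the container diagram described above. It finds the communication that crosses a trust line and, in the style of a tool that assumes everything is vulnerable, opens one candidate threat per category on each crossing. The container names, zones, flows and the use of STRIDE as the category list are assumptions.

```python
from itertools import product

# Constructed sample system at C4 container level; all names are hypothetical.
# Each container is placed in a trust zone.
ZONES = {
    "browser": "internet",
    "web_app": "dmz",
    "api": "internal",
    "database": "internal",
    "payment_provider": "third_party",
}

# Communication between containers: (source, destination, data sent).
FLOWS = [
    ("browser", "web_app", "login form"),
    ("web_app", "api", "JSON requests"),
    ("api", "database", "SQL queries"),
    ("api", "payment_provider", "payment requests"),
]

# Category list for the "assume everything" style. STRIDE is an assumption
# of this example; the note does not name a category list.
STRIDE = ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege"]


def trust_line_crossings(zones, flows):
    """Return the flows whose two endpoints sit in different trust zones."""
    crossings = []
    for src, dst, data in flows:
        for name in (src, dst):
            if name not in zones:
                # An unzoned container would silently hide a trust line.
                raise ValueError(f"container {name!r} has no trust zone")
        if zones[src] != zones[dst]:
            crossings.append((src, dst, data))
    return crossings


def assume_everything(crossings, categories=STRIDE):
    """Open one candidate threat per category per crossing, for triage."""
    return [(src, dst, cat) for (src, dst, _), cat in product(crossings, categories)]


if __name__ == "__main__":
    crossings = trust_line_crossings(ZONES, FLOWS)
    for src, dst, data in crossings:
        print(f"trust line: {src} ({ZONES[src]}) -> {dst} ({ZONES[dst]}): {data}")
    print(len(assume_everything(crossings)), "candidate threats to triage")
```

The `api` to `database` flow stays inside one zone, so it produces no crossing; moving the database to its own zone makes it show up.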


References
We were having some issues with Avans 2-1 security workshop 2.