What is a Threat Model?

A threat model is ANY document that tries to answer the question “What could go wrong?” for a specific project.

Threat Modeling Methodology used in This template

This template helps create a threat model for your feature using the methodology demonstrated in this Threat Modeling Handbook. It is recommended to go through the handbook before using this template. however, below is a summary of how it works. You can also check a sample Threat model on Threat Model | File Upload Service (Sample)

This document helps go through Threat modeling in the 6 below steps:

1. Understand the scope and the design.
2. Decompose the components
3. Identify high-level Risks.
4. Identify Threats and Mitigations.
5. Verify mitigations.
6. Create Tests to continuously verify mitigations.

Steps 1-4 should be performed during the “Design” phase of your project (Phase 1).

Step 5 should be performed during the “Testing” phase of your project (Phase 2).

Step 6 should be continuously running in the “Operate” phase of your project (Phase 3).

The goal is to identify the Risks, Threats, Mitigations, Verifications, and Tests.

Phase 1 is performed during “Design”, Phase 2 during “Test”, and Phase 3 during “Operate”

How to use

Phase 1

• Complete the questions in Step 1 - Scope and Design and Step 2 - Decompose.
• Add the High-level Risk in the High-level Risks table and set the right “Type” for each Risk.