Whether a historically grown monolith or the latest application with MACH architecture, all applications are exposed to individual threats specific to them. This means that there can be no standard source or reference list that describes relevant threat scenarios to the team. Instead, the team must address its own security posture at two different levels: Threats detected at the conceptual level affect the architecture and design of the application, while threats at the implementation level originate in the code.

Threat Modeling describes a regular process to identify threats on the conceptual level and to gather evidence for those on the implementation level.

This seminar focuses on different methods of threat modeling. Classics such as Microsoft’s STRIDE approach will be evaluated alongside lesser known methods such as PASTA and Attack Trees. The main features are illustrated by means of a typical example application, which is based on architectures regularly encountered in everyday consulting work. Experiences regarding zero-trust or serverless architectures will be shared and compared to on-premises trust-boundary scenarios.

In addition to the methods, experiences with relevant threat modeling tools such as OWASP Threat Dragon and Microsoft Threat Modeling Tool are presented. Advice is given on integrating threat modeling into development processes.