Build a Threat Model for a Real System You Control
8 weeks · 0 milestones
Apply STRIDE or PASTA threat modelling methodology to a real system you built, are actively building, or have direct operational access to — not a hypothetical or textbook system. The threat model must document: the system boundary and trust levels, each identified threat with a specific threat actor and affected asset, the likelihood and impact assessment, and for each threat either the specific mitigation implemented or an explicit documented decision to accept the residual risk with rationale. Proof: the threat model reviewed by a security engineer or security architect who asks 'what would change in your threat model if you added an API gateway in front of this service?' — you must reason through your actual system's threat surface, not describe the general concept.
Milestone map
Milestone map
3 milestones
Study core secure software design principles: least privilege, defence in depth, fail secure, complete mediation, and separation of duties. Study the STRIDE threat model. Apply STRIDE to an existing codebase or system you have access to: produce a threat model document identifying at least eight threats (at least one per STRIDE category) with likelihood and impact ratings.
Proof required
Submit: a threat model document (at least 600 words) applying STRIDE to a specific system you have access to, with at least eight identified threats (at least one per STRIDE category), each with: the specific attack scenario, affected component, likelihood rating (1–5), impact rating (1–5), and an initial mitigation suggestion; and evidence the system is one you have access to. A security practitioner, software architect, or CS lecturer with security experience must confirm the threat model is accurate.
What gets checked
- At least eight threats identified — at least one for each STRIDE category (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege)
- Each threat includes a specific attack scenario — not just the category name
- A security practitioner has confirmed the threat model is accurate