Build a Threat Model for a Real System You Control

8 weeks · 0 milestones

Apply STRIDE or PASTA threat modelling methodology to a real system you built, are actively building, or have direct operational access to — not a hypothetical or textbook system. The threat model must document: the system boundary and trust levels, each identified threat with a specific threat actor and affected asset, the likelihood and impact assessment, and for each threat either the specific mitigation implemented or an explicit documented decision to accept the residual risk with rationale. Proof: the threat model reviewed by a security engineer or security architect who asks 'what would change in your threat model if you added an API gateway in front of this service?' — you must reason through your actual system's threat surface, not describe the general concept.

Sign in to start this outcome and track your progress publicly.