Security by Design Vocabulary
5 exercises — Practice vocabulary for security by design: threat modeling in the design phase, first-class security requirements, privacy by default, and the principle of least privilege.
1 / 5
An architect says: "We perform threat modeling in the design phase, not after the code is written." Why is this timing important?
Security issues found in the design phase cost 100x less to fix than issues found in production — threat modeling is the highest-leverage point in the secure software development lifecycle.
The classic threat modeling frameworks — STRIDE (Microsoft), PASTA, LINDDUN — are designed to be applied to architecture diagrams and data flow diagrams before implementation begins. STRIDE asks, for each element of the design: could an attacker Spoof an identity? Tamper with data? Repudiate actions? cause Information disclosure? cause Denial of service? achieve Elevation of privilege? Each threat category maps to a class of controls. When the system is still on the whiteboard, the team can choose architectures that minimise the attack surface from the start — rather than bolting on security controls to an architecture that was designed without considering them.
Key vocabulary:
• threat modeling — a structured analysis of a system's architecture to identify security threats and define mitigations
• STRIDE — a Microsoft threat classification framework: Spoofing, Tampering, Repudiation, Information disclosure, DoS, Elevation of privilege
• attack surface — the total area of a system that an attacker can attempt to exploit