Threat Modeling

Threat modeling answers "what can go wrong?" before you build, not after it ships. STRIDE catalogs six threat categories per DFD component; PASTA ties threats to business impact; attack trees decompose attack goals into sub-goals. This covers all three with a real web app example, data flow diagrams, and the Microsoft Threat Modeling Tool workflow.