Threat Modeling Frameworks: STRIDE, PASTA, LINDDUN and MITRE ATT&CK
Complete Guide to Threat Modeling: The Four Core Questions, Data Flow Diagrams (DFD) as a Foundation, STRIDE Framework (from Spoofing to Elevation of Privilege) with Workshop Instructions, PASTA (7-Phase, Business-Oriented), LINDDUN (Privacy Threats, GDPR Art. 25), DREAD Scoring, MITRE ATT&CK Integration; Tool Comparison (OWASP Threat Dragon, Microsoft TMT, IriusRisk, Threagile), Threat Modeling in Agile/DevSecOps, ROI Calculation, and ISO 27001 Compliance.
Summary: A structured process for systematically identifying security threats in software development or IT architecture. STRIDE, PASTA, and DREAD are the best-known methods. Goal: To identify security vulnerabilities before code is written.
Questions about this topic?
Our experts advise you free of charge and without obligation.
About the Author
M.Sc. Internet-Sicherheit (if(is), Westfälische Hochschule). COO und Prokurist mit Expertise in Informationssicherheitsberatung und Security Awareness. Nachwuchsprofessor für Cyber Security an der FOM Hochschule, CISO-Referent bei der isits AG und Promovend am Graduierteninstitut NRW.
11 Publikationen
- Understanding Regional Filter Lists: Efficacy and Impact (2025)
- Privacy from 5 PM to 6 AM: Tracking and Transparency Mechanisms in the HbbTV Ecosystem (2025)
- A Platform for Physiological and Behavioral Security (2025)
- Different Seas, Different Phishes - Large-Scale Analysis of Phishing Simulations Across Different Industries (2025)
- Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk (2024)
- Sharing is Caring: Towards Analyzing Attack Surfaces on Shared Hosting Providers (2024)
- On the Similarity of Web Measurements Under Different Experimental Setups (2023)
- People, Processes, Technology - The Cybersecurity Triad (2023)
- Social Media Scraper im Einsatz (2021)
- Digital Risk Management (DRM) (2020)
- New Work - Die Herausforderungen eines modernen ISMS (2024)
