STRIDE Threat Modeler

Master threat modeling with Microsoft's STRIDE methodology. Analyze real system architectures, identify threats, score risks, and recommend mitigations -- just like professional security engineers.

The STRIDE Framework

STRIDE is a threat classification model developed at Microsoft. Each letter represents a category of security threat that can affect a system.

S -- Spoofing

Impersonating something or someone else
Stolen credentials, forged tokens, phishing, ARP spoofing
CompTIA Sec+ 2.4 -- Analyze indicators of identity attacks | CySA+ 1.3

T -- Tampering

Modifying data or code without authorization
SQL injection, man-in-the-middle, config file modification, firmware rootkit
CompTIA Sec+ 1.4 -- Cryptographic attacks | CySA+ 2.3

R -- Repudiation

Denying that you performed an action when the system holds no proof otherwise
Missing audit logs, unsigned transactions, no non-repudiation controls
CompTIA Sec+ 5.1 -- Security governance | CySA+ 3.2

I -- Information Disclosure

Exposing information to unauthorized parties
Verbose error messages, unencrypted traffic, public S3 buckets, directory traversal
CompTIA Sec+ 1.2 -- Threat intelligence | CySA+ 1.4

D -- Denial of Service

Making a system unavailable or unusable
DDoS floods, resource exhaustion, zip bombs, amplification attacks
CompTIA Sec+ 2.1 -- Threat actor types | CySA+ 2.5

E -- Elevation of Privilege

Gaining capabilities or access without authorization
Buffer overflow to root, IDOR, misconfigured RBAC, kernel exploits
CompTIA Sec+ 2.3 -- Application attacks | CySA+ 1.2

Choose a Scenario

Select an architecture to analyze. Each scenario increases in complexity.

Phase 1: Asset Identification

Examine the system architecture diagram below. Click on each component to label it with the correct asset type from the bank. Proper asset identification is the foundation of threat modeling.

Every component in a system is a potential attack surface. Identifying assets -- data stores, entry points, trust boundaries -- is the first step in any threat model.

Phase 2: Threat Mapping

For each identified asset, select which STRIDE categories apply. Most assets are vulnerable to multiple threat types. Think about what could go wrong at each component.

A web server might face Spoofing (forged requests), Tampering (modified payloads), and Denial of Service (traffic floods) simultaneously. Be thorough!

Phase 3: Risk Scoring

Assign Likelihood (1-5) and Impact (1-5) to each identified threat. Risk = Likelihood x Impact. Focus on the threats that matter most.

Likelihood: 1 = Rare, 2 = Unlikely, 3 = Possible, 4 = Likely, 5 = Almost Certain
Impact: 1 = Negligible, 2 = Minor, 3 = Moderate, 4 = Major, 5 = Catastrophic
Risk Levels: Low (1-4) | Medium (5-9) | High (10-16) | Critical (17-25)
Asset | Threat | Likelihood | Impact | Score | Level

Phase 4: Mitigation Planning

For each high-risk and critical threat, select recommended mitigations from the library or add your own. Good mitigations directly address the threat category.

Focus on the highest-risk items first. In real threat models, you triage by risk score and address Critical/High threats before Medium/Low ones.
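
The Phase 3 scoring and Phase 4 triage described above, as an added example that is not part of the original page: it validates the 1-5 ratings, applies the stated risk bands, and builds the High/Critical mitigation queue. The assets, ratings and function names are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}
# Phase 3 bands as (upper bound, level), ascending.
BANDS = [(4, "Low"), (9, "Medium"), (16, "High"), (25, "Critical")]

@dataclass(frozen=True)
class Threat:
    asset: str
    category: str      # one STRIDE letter
    likelihood: int    # 1 = Rare .. 5 = Almost Certain
    impact: int        # 1 = Negligible .. 5 = Catastrophic

    def __post_init__(self):
        if self.category not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.category!r}")
        for field in ("likelihood", "impact"):
            value = getattr(self, field)
            if not isinstance(value, int) or not 1 <= value <= 5:
                raise ValueError(f"{field} must be an integer 1-5, got {value!r}")

    @property
    def score(self):
        return self.likelihood * self.impact

    @property
    def level(self):
        return next(name for upper, name in BANDS if self.score <= upper)

def triage(threats):
    """Return (register sorted highest risk first, High/Critical mitigation queue)."""
    register = sorted(threats, key=lambda t: (-t.score, -t.impact, t.asset))
    return register, [t for t in register if t.level in ("High", "Critical")]

def critical_pairs():
    """Every (likelihood, impact) pair on the 5x5 grid that reaches Critical."""
    return [(l, i) for l, i in product(range(1, 6), repeat=2)
            if Threat("grid", "S", l, i).level == "Critical"]

# Constructed sample register; assets and ratings are illustrative only.
SAMPLE = [Threat("Web server", "S", 3, 4), Threat("Web server", "T", 2, 4),
          Threat("Web server", "D", 4, 5), Threat("Database", "I", 2, 5),
          Threat("Audit log", "R", 2, 2)]

if __name__ == "__main__":
    register, queue = triage(SAMPLE)
    for t in register:
        print(f"{t.score:>2} {t.level:<8} {t.asset}: {STRIDE[t.category]}")
    print("Mitigate first:", [(t.asset, t.category) for t in queue])
    print("Critical only at:", critical_pairs())
```

With integer ratings, only three rating pairs reach the Critical band; 4 x 4 = 16 stays High, so a threat rated Likely and Major is not Critical under these bands.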

Phase 5: Threat Model Report

Review your completed threat model. You can copy or download this report for documentation.

Threat Model Complete!

Outstanding work, analyst. You've completed a full STRIDE threat model.
