Full-Scope Threat Model
Learn to think like an attacker. Document vulnerabilities, analyze risks, and propose mitigations for a banking architecture.
- STRIDE Methodology
- DREAD Scoring
- Architecture Diagrams
- Risk Reporting
The Challenge
Security isn't just about tools; it's about design. In this project, you will take an architecture diagram of a sample fintech application and systematically break it down to find where it is weak. You will produce a professional report that engineers could act upon.
What you will build:
- ✅ Create Data Flow Diagrams (DFDs) for critical assets.
- ✅ Apply STRIDE (Spoofing, Tampering, etc.) to every boundary.
- ✅ Score risks using the DREAD model.
- ✅ Write a professional "Executive Summary" and "Technical Fixes" report.
The STRIDE Framework
- S: Spoofing
- T: Tampering
- R: Repudiation
- I: Information Disclosure
- D: Denial of Service
- E: Elevation of Privilege
Why Employers Care
Being able to write a threat model proves you aren't just a "script kiddie." It shows you understand architectural risk and can communicate security requirements to developers effectively.