### Week 15: Threat Modelling

#### Attack Vector
An attack vector is the path or method used by a threat actor to gain unauthorized access to a system or perform a malicious action. Applying STRIDE helps you identify potential attack vectors.

|System Component|Common Attack Vectors|
|:--|:--|
|Web Application|Cross-Site Scripting (XSS), SQL Injection, Parameter Tampering, Session Hijacking (often leading to Spoofing/Tampering).|
|Network|Man-in-the-Middle (MITM), Port Scanning, Denial of Service (DoS).|
|System/OS|Buffer Overflows, Privilege Escalation Exploits (leading to Elevation of Privilege).|

### Threat Modeling (STRIDE)
Threat Modeling is a structured, proactive process used to identify and prioritize security threats to a system and determine countermeasures. STRIDE is a mnemonic framework for categorizing these threats.

**The STRIDE Framework**
|Threat Category|Security Property Violated|Mitigation Focus|Definition & Example|
|:--|:--|:--|:--|
|Spoofing|Authentication|MFA, Strong Passwords, Identity Verification|Impersonating a user, system, or process.|
|Tampering|Integrity|Digital Signatures, Immutable Logging, Access Controls|Maliciously modifying data, code, or configuration.|
|Repudiation|Non-Repudiation|Audit Trails, Digital Signatures on Actions|Denying that a specific action took place due to lack of proof.|
|Information Disclosure|Confidentiality|Encryption (in transit and at rest), Authorization|Exposure of sensitive data to unauthorized individuals.|
|Denial of Service (DoS)|Availability|Throttling, Load Balancing, Resource Quotas|Preventing legitimate users from accessing the system.|
|Elevation of Privilege|Authorization|Least Privilege Principle, Role-Based Access Control (RBAC)|Gaining capabilities or access beyond what is intended.|


**The Threat Modeling Process**
1. Decompose the Application: Visualize the system, often using a Data Flow Diagram (DFD), to identify components (processes, data stores, external entities) and the flows between them.

2. Identify Trust Boundaries: Note where the level of trust changes (e.g., between the web browser and the web server, or the web server and the database). Threats are often found when crossing these boundaries.

3. Apply STRIDE: Systematically examine each component and data flow, asking how each of the six STRIDE threats could apply.

4. Determine Mitigations: Propose security controls to reduce the risk posed by the identified threats.

5. Review and Iterate: Threat modeling should be a continuous process, especially when the system's architecture changes.