The Art of Threat Modeling – A Step-by-Step Approach

Threat Modeling Introduction provides an overview of how to identify, analyze, and prioritize security threats during system design. You will learn the purpose of threat modeling, common approaches, and how it helps reduce risk by addressing security issues early in the development lifecycle.

This module introduces threat modeling as a core security discipline for building resilient systems. You’ll learn what threat modeling is, why it matters, and when it should be applied, along with the operational security principles that guide effective risk analysis. The module explores multiple threat modeling perspectives—asset-centric, attacker-centric, and application-centric—and compares widely used frameworks such as PASTA, Microsoft Threat Modeling, OCTAVE, and VAST. By the end of this module, you’ll understand how to select the right methodology for your architecture and integrate threat modeling into real-world engineering workflows.

This module focuses on the practical execution of threat modeling. You’ll learn how to define scope, analyze target systems, and create data flow diagrams to understand how data moves through an application. The module then walks through identifying, documenting, and rating threats using structured techniques, enabling you to prioritize risks effectively. By the end of this module, you’ll be able to perform hands-on threat modeling and translate analysis into actionable security decisions.

This module emphasizes the long-term success of threat modeling within an organization. It explores why security requires collaboration and mutual support, how to balance quality with coverage, and why threat modeling is a continuous process rather than a one-time activity. By the end of this module, you’ll understand how to scale threat modeling sustainably and embed it into everyday engineering practices.

This module provides a practical, tool-driven introduction to Microsoft Threat Modeling. You’ll explore its strengths and limitations, understand the end-to-end threat modeling workflow, and learn how to install and configure the tool. Through guided demos, you’ll apply threat modeling concepts to real scenarios, gaining hands-on experience in identifying and analyzing threats using a structured, repeatable process.

This module focuses on extending and customizing threat modeling tools to fit real-world architectures. You’ll learn how to edit the threat modeling tool at a deeper level, understand its XML structure, and create custom templates from scratch. By the end of this module, you’ll be able to tailor threat models to your organization’s specific technologies, patterns, and security requirements.