Threat Modelling
Identifying assets, threats, and attack surfaces before writing a line of security code.
Effective security starts with understanding what you are protecting and from whom. This chapter introduces threat modelling using STRIDE, asset identification, attack surface enumeration, and trust boundary analysis — producing a threat model for a small web application as a worked example.