Table of Contents Introduction What is a Threat Model? What is STRIDE? Spoofing Tampering Repudiation Information Disclosure Denial of Service Elevation of Privileges Summary Additional Resources Introduction Software is eating the world. As a result, the repercussions of software failure is costly and, at times, can be catastrophic. This can be seen today in a wide variety of incidents, from data leak incidents caused by misconfigured AWS S3 buckets to Facebook data breach incidents due to lax API limitations to the Equifax incident due to the use of an old Apache Struts version with a known critical vulnerability.