LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What is the minimum threat modeling coverage you should achieve?

At minimum, apply STRIDE to every element that touches a trust boundary — that's where attackers can interject.

Minimum coverage: Apply STRIDE to every DFD element that touches a trust boundary.

Trust boundaries include:

  • Machine boundaries
  • Network boundaries
  • Privilege boundaries
  • Corporate/organizational boundaries

Why trust boundaries matter: They're where attackers can interject themselves. Data crossing a trust boundary should always be validated and protected.

Practical tip: If you can only do limited threat modeling, focus on:

  1. External-facing components
  2. Authentication/authorization flows
  3. Sensitive data handling

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jun 20, 2026