Quiz Entry - updated: 2026.06.20
What is the minimum threat modeling coverage you should achieve?
At minimum, apply STRIDE to every element that touches a trust boundary — that's where attackers can interject.
Minimum coverage: Apply STRIDE to every DFD element that touches a trust boundary.
Trust boundaries include:
- Machine boundaries
- Network boundaries
- Privilege boundaries
- Corporate/organizational boundaries
Why trust boundaries matter: They're where attackers can interject themselves. Data crossing a trust boundary should always be validated and protected.
Practical tip: If you can only do limited threat modeling, focus on:
- External-facing components
- Authentication/authorization flows
- Sensitive data handling