There are at least a dozen threat modeling methodologies in the market. In this article, I try to gauge their popularity.
The Methodologies
Here is the list of methodologies I am considering for my assessment:
- Attack Tree — This is one of the oldest methodologies which can be applied to a wide set of industries. It's based on conceptual diagrams showing how an asset, or target, might be attacked.
- OCTAVE — This approach is driven by operational risk and security practices rather than technology. It was developed in 2001 at Carnegie Mellon University (CMU) for the United States Department of Defense.
- LINDDUN — This methodology helps capture and mitigate privacy threats in software architectures. It was created in 2010 as a collaboration between the DistriNet and COSIC research groups of KU Leuven, Belgium.
- PASTA — The name is a mnemonic for Process for Attack Simulation and Threat Analysis. It provides a seven-step, risk-based approach to threat modeling. This methodology is intended to provide an attacker-centric view of the application and infrastructure. It was developed in 2012.
- STRIDE — This methodology was developed at Microsoft in 1999 for identifying computer security threats. It…