Threat modelling 101

Using abstractions to think about risks is a useful technique to identify the ways an attacker could compromise a system.

There are various approaches to perform threat modelling but at the core, it’s about understanding what we are building, what can go wrong with it and what we should do about it.

Here is a good video by SAFECode introducing the concept: