Threat Modeling Case Studies
Specialized in uncovering vulnerabilities within software supply chains and dependency ecosystems. Creator of SCAGoat and other open-source security tools. Speaker at Black Hat, DEF CON, and AppSec conferences with research on malicious package detection, dependency confusion, and CI/CD security.
Web Application Case Study
System Overview
A web application that allows users to:
Register and authenticate
Upload and share files
Send messages to other users
View and update their profile
Data Flow Diagram
STRIDE Analysis
Component | Threat | Mitigation |
Authentication | Spoofing (Brute force attacks) | Rate limiting, account lockout, MFA |
File Upload | Tampering (Malicious file uploads) | File type validation, malware scanning |
User Actions | Repudiation (Denying performed actions) | Secure logging of all security-relevant events |
User Data | Information Disclosure (Data leakage) | Data encryption, access controls |
Web Server | Denial of Service (Traffic flood) | Rate limiting, CDN, scaling capabilities |
Access Control | Elevation of Privilege (IDOR) | Proper authorization checks, RBAC |
IoT Device Case Study
System Overview
A smart home IoT device that:
Connects to a home WiFi network
Communicates with a cloud service
Is controlled via a mobile app
Controls physical devices (e.g., lights, locks)
Attack Tree
DREAD Assessment for "Authentication Bypass"
Category | Rating (1-10) | Reasoning |
Damage | 9 | Complete control of the device |
Reproducibility | 7 | Once discovered, can be consistently exploited |
Exploitability | 5 | Requires moderate technical knowledge |
Affected Users | 10 | All users of the device |
Discoverability | 6 | Requires targeted testing to discover |
Overall Risk | 7.4 | Medium-High Risk |
Microservices Application Case Study
System Overview
A microservices architecture with:
Multiple service containers
API Gateway
Service-to-service communication
Shared data stores
Authentication services
Data Flow Diagram
Key Threats and Mitigations
Threat | Affected Component | Mitigation |
Unauthorized service-to-service calls | Service Mesh | Mutual TLS, service identity |
API Gateway bypass | API Gateway | Network segmentation, ingress control |
Insecure direct object references | All Services | Proper authorization on all endpoints |
Data leakage between tenants | All Databases | Data partitioning, row-level security |
Token theft | Auth Service | Short token lifetimes, token validation |
Financial Institution - Online Banking Platform
System Overview
A major financial institution's online banking platform that provides:
Account access and management
Fund transfers
Bill payments
Mobile check deposits
Financial reporting
Data Flow Diagram
STRIDE Analysis
Component | Threat | Impact | Mitigation |
Authentication | Spoofing (Credential theft) | Unauthorized account access | MFA, anomaly detection, secure session management |
Transaction Processing | Tampering (Transaction manipulation) | Financial fraud | Digital signatures, transaction verification steps |
Audit Trail | Repudiation (Denying financial transactions) | Dispute resolution challenges | Immutable logging, digital receipts |
Customer Data | Information Disclosure (Data breach) | PII/financial data exposure | Encryption, data minimization, access controls |
Banking Services | Denial of Service (System unavailability) | Service interruption | Redundancy, rate limiting, DDoS protection |
Access Controls | Elevation of Privilege (Admin rights) | Unauthorized system access | Strict RBAC, JIT access, privilege monitoring |
Healthcare System - Electronic Health Records
System Overview
A hospital system's electronic health records (EHR) platform with:
Patient records management
Prescription handling
Lab test ordering and results
Medical imaging integration
Billing and insurance processing
Data Flow Diagram
Key Threats and Mitigations
Threat | Impact | Mitigation |
Unauthorized access to patient records | Patient privacy violation, HIPAA breach | Fine-grained access controls, need-to-know basis |
Medication prescription tampering | Patient safety risk | Digital signatures, verification workflow |
EHR data breach | Mass disclosure of protected health information | Encryption, data segmentation, access monitoring |
Ransomware attack | System unavailability, data loss | Robust backups, security patching, network segmentation |
Insider threat | Targeted data access, privacy violations | Least privilege access, behavior analytics, audit logging |
Medical device compromise | Patient safety, data integrity issues | Device security policies, network isolation, monitoring |
E-commerce Platform
System Overview
A large e-commerce platform that supports:
Product browsing and searching
User accounts and profiles
Shopping cart and checkout
Payment processing
Order fulfillment and shipping
Data Flow Diagram
STRIDE Analysis
Component | Threat | Impact | Mitigation |
User Authentication | Account takeover | Unauthorized purchases, data access | Strong authentication, account lockouts, fraud detection |
Payment Processing | Credit card theft | Financial loss, reputation damage | PCI-DSS compliance, tokenization, encryption |
Product Listings | Price manipulation | Revenue loss | Digital signatures, price verification |
Shopping Cart | Cart manipulation | Price/item tampering | Server-side validation, integrity checks |
Checkout Flow | Session hijacking | Order interception | TLS, secure cookies, session management |
User Reviews | Content injection | Platform abuse, reputational damage | Input validation, content moderation |
Cloud Infrastructure Provider
System Overview
A cloud infrastructure provider offering:
Virtual machine instances
Managed databases
Storage solutions
Networking services
Identity and access management
Data Flow Diagram
Key Threats and Mitigations
Threat | Impact | Mitigation |
Multi-tenant escape | Customer data breach, cross-account access | Strong isolation, hypervisor hardening, regular patching |
API abuse | Service disruption, unauthorized access | Rate limiting, API authentication, activity monitoring |
IAM misconfiguration | Excessive permissions, data exposure | Least privilege access, permission boundaries, policy validation |
SSRF against metadata service | VM takeover, credential theft | Instance metadata service controls, network segmentation |
Supply chain compromise | Backdoor insertion, persistent access | Vendor assessment, code signing, CI/CD security |
Physical security breach | Hardware tampering, data theft | Datacenter security, disk encryption, secure decommissioning |
Mobile Payment Application
System Overview
A mobile payment application that provides:
Peer-to-peer money transfers
QR code and contactless payments
Bill splitting functionality
Transaction history
Bank account and card linking
Data Flow Diagram
DREAD Analysis for "Account Takeover"
Category | Rating (1-10) | Reasoning |
Damage | 10 | Complete financial loss, identity theft |
Reproducibility | 6 | Requires specific user targeting |
Exploitability | 5 | Requires bypassing multiple security controls |
Affected Users | 8 | Individual accounts, but can be done at scale |
Discoverability | 7 | Public mobile app with observable security controls |
Overall Risk | 7.2 | High Risk |
Automotive Connected Vehicle System
System Overview
A modern connected vehicle platform that includes:
In-vehicle infotainment system
Remote vehicle control (lock/unlock, climate)
Telematics and vehicle health monitoring
Over-the-air software updates
Emergency services communication
Data Flow Diagram
Key Threats and Mitigations
Threat | Impact | Mitigation |
Remote vehicle control exploit | Safety risk, unauthorized control | Command authentication, secure boot, message authentication |
CAN bus injection | Vehicle safety systems compromise | Gateway filtering, bus segmentation, intrusion detection |
Infotainment system compromise | Entry point to critical systems | Domain separation, privilege boundary, sandboxing |
Telematics unit exploitation | Location tracking, privacy breach | Data minimization, encryption, secure communication |
Software update tampering | Malicious code execution | Code signing, update verification, secure delivery |
Mobile app API abuse | Unauthorized vehicle access | Strong API security, rate limiting, anomaly detection |
