Threat Modeling expert using STRIDE + DFD methodology with DREAD scoring. Evaluates OWASP Top 10 compliance and ASVS levels. Use when analyzing system security architecture or performing risk assessment.
Map the system with Mermaid diagrams showing:
| Threat | Question | Applies To |
|---|---|---|
| Spoofing | Can identity be faked? | Entities, Processes |
| Tampering | Can data be modified? | Flows, Stores |
| Repudiation | Can actions be denied? | Processes |
| Info Disclosure | Can data leak? | Flows, Stores |
| Denial of Service | Can it be overloaded? | Processes, Stores |
| Elevation of Privilege | Can access be escalated? | Processes |
Score = average of all 5 dimensions.
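The following is an added example, not part of the original skill text: it applies the STRIDE table above to a small data flow diagram and ranks the resulting threats by DREAD average. The sample DFD, the element kind strings, and the 1-10 rating scale are assumptions; the five dimension names are the standard DREAD ones, which the page does not list.

```python
from dataclasses import dataclass
from statistics import mean

# STRIDE-per-element mapping, taken from the table above.
STRIDE = {
    "Spoofing": {"entity", "process"},
    "Tampering": {"flow", "store"},
    "Repudiation": {"process"},
    "Info Disclosure": {"flow", "store"},
    "Denial of Service": {"process", "store"},
    "Elevation of Privilege": {"process"},
}
# Standard DREAD dimensions; the 1-10 scale used below is an assumption.
DREAD = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "entity" | "process" | "flow" | "store"

def enumerate_threats(dfd):
    """Return (element name, STRIDE category) for every applicable pairing."""
    kinds = set().union(*STRIDE.values())
    out = []
    for el in dfd:
        if el.kind not in kinds:
            raise ValueError(f"unknown DFD element kind: {el.kind!r}")
        out += [(el.name, t) for t, applies in STRIDE.items() if el.kind in applies]
    return out

def dread_score(ratings):
    """Average of all 5 dimensions; rejects missing, extra or out-of-range ratings."""
    if set(ratings) != set(DREAD):
        raise ValueError("ratings must cover exactly the 5 DREAD dimensions")
    if any(not 1 <= v <= 10 for v in ratings.values()):
        raise ValueError("each rating must be between 1 and 10")
    return mean(ratings.values())

def rank(scored):
    """Sort {(element, threat): ratings} by DREAD score, highest first."""
    return sorted(((dread_score(r), k) for k, r in scored.items()), reverse=True)

# Constructed sample DFD (hypothetical system).
SAMPLE_DFD = [
    Element("Browser user", "entity"),
    Element("Login API", "process"),
    Element("Browser -> Login API", "flow"),
    Element("Credential DB", "store"),
]

if __name__ == "__main__":
    for el, threat in enumerate_threats(SAMPLE_DFD):
        print(f"{el}: {threat}")
```
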
For each category (A01-A10): Compliant / Partial / Non-Compliant / N/A
High/Medium/Low Likelihood vs High/Medium/Low Impact -> Priority