Three Ways to Threat Model: STRIDE, PASTA, Attack Trees

Each method answers a different question. The table below compares effort, output, and best fit.

STRIDE
S · Spoofing violates Authentication
T · Tampering violates Integrity
R · Repudiation violates Non-repudiation
I · Info Disclosure violates Confidentiality
D · Denial of Service violates Availability
E · Elevation of Priv. violates Authorization
Use for: design reviews, fast component-by-component analysis

PASTA
1 Define Objectives
2 Define Technical Scope
3 Decompose Application
4 Analyze Threats
5 Analyze Vulnerabilities
6 Model Attacks
7 Simulate Attacks
Use for: high-stakes systems, business-aligned analysis

Attack Trees
Steal Customer Data (root goal)
OR — any path reaches the goal
    Compromise database
    Phish admin
        Spear-phish email
        Fake login page
    Exploit API
Use for: comparing attacker paths, cost / feasibility analysis
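As an added example (not part of the original page), the attack tree above evaluated in Python: OR nodes take their cheapest child, AND nodes sum their children, and the cheapest path is recomputed with each leaf hardened in turn to rank which control raises attacker cost the most. The leaf costs and the AND gate under "Phish admin" are constructed assumptions, not values from the page.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    """One attack-tree node: leaves carry a cost, interior nodes carry a gate."""
    name: str
    gate: Optional[str] = None            # "OR", "AND", or None for a leaf
    cost: float = 0.0                     # leaf cost, constructed units (attacker effort-days)
    children: list["Node"] = field(default_factory=list)

def cheapest(node: Node) -> tuple[float, list[str]]:
    """Minimum attacker cost to reach this node and the leaves that path uses.
    OR: any one child suffices, take the cheapest.  AND: all children needed, costs add."""
    if not node.children:
        return node.cost, [node.name]
    results = [cheapest(c) for c in node.children]
    if node.gate == "OR":
        return min(results, key=lambda r: r[0])
    if node.gate == "AND":
        return sum(r[0] for r in results), [leaf for _, p in results for leaf in p]
    raise ValueError(f"node {node.name!r} has children but no gate")

def leaves(node: Node) -> list[Node]:
    return [node] if not node.children else [l for c in node.children for l in leaves(c)]

def mitigation_impact(root: Node, delta: float) -> dict[str, float]:
    """For each leaf, how much the attacker's cheapest path rises if a control adds
    `delta` to that leaf's cost.  Zero impact means the leaf is off the cheapest path."""
    base, _ = cheapest(root)
    impact = {}
    for leaf in leaves(root):
        leaf.cost += delta
        impact[leaf.name] = cheapest(root)[0] - base
        leaf.cost -= delta                # restore the tree
    return impact

def build_tree() -> Node:
    """The page's tree with constructed placeholder costs; modelling 'Phish admin'
    as AND (needs both the email and the fake page) is an assumption."""
    return Node("Steal Customer Data", gate="OR", children=[
        Node("Compromise database", cost=8.0),
        Node("Phish admin", gate="AND", children=[
            Node("Spear-phish email", cost=2.0),
            Node("Fake login page", cost=1.0)]),
        Node("Exploit API", cost=5.0)])

if __name__ == "__main__":
    print(cheapest(build_tree()))         # (3.0, ['Spear-phish email', 'Fake login page'])
    print(mitigation_impact(build_tree(), 3.0))
```

With these costs the phishing branch is the cheapest path, so only controls on its two leaves move the attacker's minimum cost (from 3 to 5); hardening the database or API leaves changes nothing until phishing is more expensive than they are.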
Summary — pick the method that fits your time budget and question
Method       | Time to complete | Output type                                    | Best fit
STRIDE       | Hours            | Per-component list of threats by category      | Design reviews; quick, systematic coverage
PASTA        | Days–weeks       | Business-impact-ranked, evidence-backed report | High-stakes systems needing business alignment
Attack Trees | Hours–days       | Tree of attacker paths with cost/feasibility   | Comparing attacker paths and prioritizing defenses