Three Ways to Threat Model: STRIDE, PASTA, Attack Trees
Each method answers a different question. Hover any cell for detail; the table below compares effort, output, and best fit.
Summary — pick the method that fits your time budget and question
| Method | Time to complete | Output type | Best fit |
| STRIDE | Hours | Per-component list of threats by category | Design reviews; quick, systematic coverage |
| PASTA | Days–weeks | Business-impact-ranked, evidence-backed report | High-stakes systems needing business alignment |
| Attack Trees | Hours–days | Tree of attacker paths with cost/feasibility | Comparing attacker paths and prioritizing defenses |