Security Engineering
Threat Modeling
8 practice questions. Free questions open a full answer guide; the rest unlock with Pro.
- What is threat modeling, and how would you approach it for a new feature you're building?
- How do you actually run a threat-modeling exercise on a new service, and at what point in delivery do you do it?Go Pro
- Your teams ship multiple times a day. Where does threat modeling actually fit in that workflow, and how do you keep it from becoming a one-time gate that gets skipped?Go Pro
- STRIDE, attack trees, PASTA — how do you decide which threat modeling approach to use, and what's the failure mode you watch for regardless of method?Go Pro
- A product team wants to wire up a third-party SaaS integration that gets read access to our customer data over OAuth. How do you threat-model that integration before it ships, and what specifically do you scrutinize?Go Pro
- What is a trust boundary in a system diagram, and why does it matter where you draw it?Go Pro
- After a threat model surfaces a long list of threats, how do you decide which ones to fix and which to accept?Go Pro
- Beyond enumerating what a system should do, how do you bring an attacker's mindset into a threat model — what does thinking in terms of abuse cases actually look like?Go Pro
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.