Module S07 — Threat Modeling Harnesses

Threat Modeling Harnesses

Architecture ingestion, STRIDE analysis engine, and mitigation generation with issue tracking.

60
minutes
8
artifacts
3
sub-sections
A harness that ingests architecture as-written — draw.io, Terraform, OpenAPI — converts it to a data flow diagram, runs STRIDE per element with LLM-generated grounded threats, and emits prioritized mitigations as tracked issues. Threat modeling that happens at the speed of architecture change, not the speed of a quarterly meeting.
Key Claims
Load-Bearing Claims

Manual threat modeling fails because the model goes stale. The fix is to generate the model from architecture as-written (IaC, OpenAPI) and regenerate on every change.

STRIDE threat generation must be grounded. Specific technologies + flows crossing trust boundaries produce actionable threats; generic templates produce platitudes.

Mitigations map to three layers — OWASP ASVS, CWE, cloud best practice. The mapping is the difference between a slogan and an implementable change.

Continuous threat modeling requires diffing, not full re-runs. Cost scales with the change, not the architecture size.

After This Module
01
Build an architecture-to-DFD ingestion pipeline parsing draw.io, Terraform, CloudFormation, and OpenAPI with trust boundary detection.
02
Implement a STRIDE engine applying applicable categories per element with LLM-driven grounded threat generation, dedup, and prioritization.
03
Generate per-threat mitigations mapped to OWASP controls, CWE remediations, and cloud best practices; auto-create tracker issues.
04
Version threat models and diff two architecture versions to identify what changed and what new threats the change introduced.
Artifacts