D8 · CySA+

What is threat modeling in SDLC?

STRIDE threat modeling: Spoofing (identity), Tampering (data integrity), Repudiation (non-repudiation), Information disclosure (confidentiality), Denial of service (availability), Elevation of privilege.
STRIDE is Microsoft's threat modeling framework: map each component in your data flow diagram to potential STRIDE threats. Each STRIDE category maps to a security property: Spoofing → Authentication, Tampering → Integrity, Repudiation → Non-repudiation, Information disclosure → Confidentiality, Denial of service → Availability, Elevation of privilege → Authorization.