
Threat Modeling Pentest Requirements

🔴  Required (Must Provide)

  • Documentation and Diagrams (Data Flow Diagrams (DFDs) and Architecture Diagrams) that clearly describe the system to be analyzed
    • Enumeration of system components and their interactions 
    • Include actors involved (customers, end users, technicians, supervisors, etc.) 
  • Description of the business logic followed by the system 

📌  Additional Details Required:

  • Clearly indicate preferred and/or required methodologies to be followed (Ex. STRIDE, PASTA, Attack Trees, MITRE ATT&CK, etc.) | Optional
  • Clearly indicate any preference for the Threat Ranking System to be employed (Ex. CVSSv4, Severity Matrices, etc.) | Optional
  • Indicate High-Priority threats, previously modeled threats, and known/accepted threats | Optional but highly recommended to ensure efficiency and usefulness of results 
    Indicate