What is threat modeling and when should it be performed?
CISSP Flashcards: Software Development Security, SDLC, OWASP, Secure Coding
Threat modeling is a structured process for identifying potential security threats to a system and determining appropriate countermeasures. It should be performed during the design phase of the SDLC before code is written, when changes are cheapest to implement. Common methodologies include STRIDE, which categorizes threats as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege; and DREAD, which rates threats by damage, reproducibility, exploitability, affected users, and discoverability.
csrc.nist.gov