What is threat modeling and how do you do it in practice?

Threat modeling identifies what can go wrong before shipping. Steps: - Define assets and trust boundaries - List entry points and attackers - Enumerate threats (STRIDE) - Prioritize mitigations It produces concrete actions: auth improvements, input validation, logging, least privilege, and secure defaults.