Page 112 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

FIGURE 1.7 An example of diagramming to reveal threat concerns

Visual, Agile, and Simple Threat (VAST) is a threat modeling concept based on Agile project management and programming principles. The goal of VAST is to integrate threat and risk management into an Agile programming environment on a scalable basis.

These are just a few of the vast array of threat modeling concepts and methodologies available from community groups, commercial entities, government agencies, and international associations.

Generally, the purpose of STRIDE and other threat modeling methodologies is to consider the range of compromise concerns and to focus on the goal or end results of an attack. Attempting to identify each and every specific attack method and technique is an impossible task—new attacks are being developed constantly. Although the goals or purposes of attacks can be loosely categorized and grouped, they