Threat Modelling — STRIDE, PASTA, LINDDUN in Practice

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 25, 2026
13 min read
Read as

Last updated: April 29, 2026

Threat modelling methodologies that work — STRIDE, PASTA, attack trees, LINDDUN for privacy. The practical workflow for engineering teams, anti-patterns to avoid, tooling, and DPDP/ISO alignment.

The 90-minute meeting that saved ₹2 crore

A Series-B Indian fintech was about to ship a new feature: instant loan disbursement via UPI. The product manager wanted it live for the festive season. Engineering had two weeks. The architecture diagram was on a whiteboard.

The CTO insisted on one thing before any code was merged: a 90-minute threat modelling session. Three people in the room — the lead engineer, the product manager, and a security consultant on retainer (₹25,000 a day, called in for the day).

They walked through the design. Customer requests a loan. Backend checks credit. If approved, money is disbursed to the customer’s UPI ID. Simple.

The consultant asked one question: “Where does the customer’s UPI ID come from?”

“From the customer,” the engineer said. “They enter it on the screen.”

“And after approval, who triggers the disbursement?”

“The backend service.”

“Using which UPI ID?”

“The one the customer entered.”

The consultant drew a line across the whiteboard. “That UPI ID went through your frontend, your API gateway, your loan-decision service, and a queue. By the time the disbursement service reads it, it has been touched by four components, three of which have known scope creep. What stops a rogue insider in your customer support team from changing the UPI ID between approval and disbursement?”

Silence.

The next 60 minutes produced a list of seven design changes. The most important: the UPI ID gets cryptographically signed by the customer at submission, the signature travels with the request, and the disbursement service verifies the signature before sending money. Two days of additional engineering work.

Eight months after launch, the fintech’s competitor — a similar product without that signature check — had a fraud incident in which a colluding support agent changed UPI IDs on approved loans. ₹2.1 crore went out to the wrong accounts before anyone noticed. The competitor recovered most of it after a six-week incident response, paid legal fees, paid regulator fines, and paid the reputational cost. The fintech that did the threat modelling never had that conversation.

That is what threat modelling does, when it is done at the right time, by the right people, with discipline. This module is about how to do it.

Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants
Start of track
← Back to Academy Hub
Continue Learning

Other modules in this track

View all modules
Academy
Module 1 · Beginner

Shift-left + extend-right, SDLC security map, where each control lives, metrics that matter, and the 30-day…

Apr 22, 2026 · 5 min read
Academy
Module 2 · Intermediate

What each scanner class detects, tool selection for 2026, CI integration patterns, false-positive tuning, triage workflow.

Apr 22, 2026 · 5 min read
Academy
Module 4 · Advanced

Pipeline attack surface: config injection, pwn-requests, unpinned actions, OIDC trust policies, ephemeral runners, signing.

Apr 22, 2026 · 6 min read