Update links in Threat Modeling cheat sheet (#1913)

jgadsden · web-flow · commit 59e4750d7a57 · 2025-12-02T20:22:25.000-10:00
* fix broken links in Threat Modeling cheat-sheet

* wording for Threat Modeling cheat sheet aligned with CIA and AAA triads
diff --git a/cheatsheets/Threat_Modeling_Cheat_Sheet.md b/cheatsheets/Threat_Modeling_Cheat_Sheet.md
@@ -2,7 +2,8 @@
 
 ## Introduction
 
-Threat modeling is an important concept for modern application developers to understand. The goal of this cheatsheet is to provide a concise, but actionable, reference for both those new to threat modeling and those seeking a refresher. The official project page is [https://owasp.org/www-project-threat-model/](https://owasp.org/www-project-threat-model/).
+Threat modeling is an important concept for modern application developers to understand. The goal of this cheatsheet is to provide a concise, but actionable, reference for both those new to threat modeling and those seeking a refresher.
+The OWASP [Threat Modeling project](https://owasp.org/www-project-threat-modeling/) provides further information on various aspects of threat modeling.
 
 ## Overview
 
@@ -33,7 +34,7 @@ Proper threat modeling requires participants to think creatively and critically
 
 ### Improved Visibility of Target of Evaluation (TOE)
 
-Threat modeling requires a deep understanding of the system being evaluated. To properly threat model, one must understand data flows, trust boundaries, and other characteristics of the system. Thus, [Stiliyana Simeonova](https://securityintelligence.com/threat-modeling-in-the-enterprise-part-1-understanding-the-basics/) asserts that improved visibility into a system and its interactions is one advantage of threat modeling.
+Threat modeling requires a deep understanding of the system being evaluated. To properly threat model, one must understand data flows, trust boundaries, and other characteristics of the system. Thus improved visibility into a system and its interactions is one advantage of threat modeling.
 
 ## Addressing Each Question
 
@@ -69,7 +70,7 @@ Cloud-native systems introduce unique considerations for threat modeling due to
 - **Dynamic environments:** container orchestration, serverless functions, and ephemeral infrastructure.
 - **Compliance and data residency:** ensuring that workloads meet jurisdictional and privacy requirements.
 
-Cloud threat modeling frameworks such as [Microsoft’s Cloud Security Threat Modeling](https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-cloud), [OWASP Cloud Security Project](https://owasp.org/www-project-cloud-security/), and AWS’s [Well-Architected Framework – Security Pillar](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html) can serve as references.
+Cloud threat modeling frameworks such as AWS’s [Well-Architected Framework – Security Pillar](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html) can serve as references.
 
 ### Threat Identification
 
@@ -79,10 +80,10 @@ STRIDE is a mature and popular threat modeling technique and mnemonic originally
 
 | Threat Category             | Violates          | Examples                                                                                                    |
 | --------------------------- | ----------------- | ----------------------------------------------------------------------------------------------------------- |
-| **S**poofing                | Authenticity      | An attacker steals the authentication token of a legitimate user and uses it to impersonate the user.       |
+| **S**poofing                | Authentication    | An attacker steals the authentication token of a legitimate user and uses it to impersonate the user.       |
 | **T**ampering               | Integrity         | An attacker abuses the application to perform unintended updates to a database.                             |
-| **R**epudiation             | Non-repudiability | An attacker manipulates logs to cover their actions.                                                        |
-| **I**nformation Disclosure  | Confidentiality   | An attacker extracts data from a database containing user account info.                                      |
+| **R**epudiation             | Accounting        | An attacker manipulates logs to cover their actions.                                                        |
+| **I**nformation Disclosure  | Confidentiality   | An attacker extracts data from a database containing user account info.                                     |
 | **D**enial of Service       | Availability      | An attacker locks a legitimate user out of their account by performing many failed authentication attempts. |
 | **E**levation of Privileges | Authorization     | An attacker tampers with a JWT to change their role.                                                        |
 
