# MVP Threat Model — One Page

- **Project / Feature:** ___________________________
- **Date:** ___________________________
- **Participants:** ___________________________
- **Sprint #:** ___________________________

---

## 1. Assets (Crown Jewels)

What are we protecting? List 5–7 items max.

- [ ]
- [ ]
- [ ]
- [ ]
- [ ]

---

## 2. Entry Points

Where can an attacker reach the system? Be specific (e.g., `POST /api/orders/{id}`, not "our API").

- [ ]
- [ ]
- [ ]
- [ ]
- [ ]

---

## 3. Abuse Paths

How could each entry point be misused? Format: "Attacker does X via Y to cause Z."

| # | Abuse Path | Likelihood (1–3) | Impact (1–3) | Score |
|---|------------|------------------|--------------|-------|
| 1 |            |                  |              |       |
| 2 |            |                  |              |       |
| 3 |            |                  |              |       |
| 4 |            |                  |              |       |
| 5 |            |                  |              |       |

**Score = Likelihood × Impact.** Interpretation: 1–2 = monitor, 3–4 = next sprint, 6–9 = pre-launch action.

---

## 4. Impact

For each top-scored path, what does it cost when it happens?

- User harm (data exposure, account takeover, financial loss)
- Trust damage (public disclosure, customer churn)
- Operational impact (outage, support load)
- Cost spike (resource consumption, API abuse)
- Contractual or legal exposure

---

## 5. Controls — Top 3

Pick the smallest control that closes the biggest hole. Each gets one owner, one due date, one acceptance test.

| # | Control | Owner | Due Date | Acceptance Test | Status |
|---|---------|-------|----------|-----------------|--------|
| 1 |         |       |          |                 |        |
| 2 |         |       |          |                 |        |
| 3 |         |       |          |                 |        |

---

## Now / Next / Later

| Now (this sprint) | Next (sprint+1) | Later (documented debt + trigger) |
|-------------------|-----------------|-----------------------------------|
|                   |                 |                                   |
|                   |                 |                                   |
|                   |                 |                                   |

---

## Pre-Launch Eligibility Checklist

- [ ] Token lifetime and revocation policy documented
- [ ] Object-level authorization tested on top 3 APIs
- [ ] Webhook signatures verified and replay-protected
- [ ] Sensitive data redacted in analytics payloads
- [ ] Admin actions produce audit log entries (B2B/enterprise only)

Any "no" → ticket with owner and due date before release.

---

*Template by GRC Vitrix · grcvitrix.com · Free to use and adapt*
