Threat modeling: STRIDE methodology, attack surface enumeration, risk prioritization, data flow diagrams and mitigation