Threat modeling is a structured approach used in cybersecurity and software development to identify and assess potential security threats and vulnerabilities in a system or application. It involves analyzing the system's architecture, components, data flow, and interactions to understand where security risks might arise and how to mitigate them. Threat modeling is crucial for several reasons:
How to Troubleshoot Apps for the Modern Connected Worker
Threat-Model.pdf
1. Prepared by Sathish Kumar
1 CONTENTS
2 What is Threat-Modeling? ...............................................................................................................2
3 Key steps involved in Threat-Modeling.............................................................................................2
4 When should we consider Threat-Model .........................................................................................2
5 Shift Left..........................................................................................................................................3
6 Threat-Modeling Methodology........................................................................................................3
2. 2 WHAT IS THREAT-MODELING?
Is a proactive approach to identify and mitigate potential threats and vulnerabilities.
3 KEY STEPS INVOLVED IN THREAT-MODELING.
1. Scope definition.
2. Identifying Asset - Identifying critical assets and understanding the value of them.
3. Identifying potential threat - Brainstorm and identify different potential threat involved.
Threat categorizes can be tech or non tech, includes, SQL injection, Data breaches, Un-
authorized access, social engineering, etc.
4. Identifying vulnerabilities – weakness in our environment.
5. Analyzing Risks – evaluate potential Impact and likelihood of previously identified threats. For
instance, evaluating how ease of exploitation of threat, lack of security controls or historical
incident data.
6. Prioritize and mitigate Risk – Here we prioritize Identified Risks based on their severity,
likelihood, and potential Impact. Also Identify the countermeasure to mitigate those risks, for
instance, following secure coding practices, enhancing access controls, performing security
testing, or adding IPS/IDS.
7. Document and communicate – to relevant stakeholders (developers, architects, security teams,
management)
8. Validate and update – this is a continuous process, system evolve, or new threat identified must
follow the threat modeling.
4 WHEN SHOULD WE CONSIDER THREAT-MODEL
1. During the design phase of SDLC.
2. When major changes are made.
3. During iterative development.
4. During system upgrades or updates.
5. When integrating third party components or services.
6. Ongoing monitoring and maintenance.
3. SDLC Life Cycle and Corresponding threat-model:
Threat-Model Pentest Disclosure
Big bounty
Automated
Code Review/ Security checks
Static code in Pipeline
Analysis
Almost in every phase of SDLC we perform some or other security related tasks, then why it is important
that threat model and why it as to perform early phase of software development?
5 SHIFT LEFT
Is the answer for this question, for people doesn’t know what Is shift left is process of incorporating
security measures and testing early in the software development lifecycle (SDLC) or Devops process. This
approach aims to identify and address security issues as early as possible.
Advantages of this approach, early risk identification, cost effective (fixing defects in early stage is cost
effective), Security by design.
6 THREAT-MODELING METHODOLOGY
In general, there are several threat modeling methodologies like (STRIDE, DREAD, PASTA, Trike, OCTAVE,
Kill Chain, HARA, VAST, CARVER, VAPT) We are going to see in detail about STRIDE.
Initiation Requirement Design Build Test Deploy Maintain
4. STRIDE – Six common threat categories.
• Spoofing: Attackers show themselves as legitimate users. Authentication
• Tampering: Unauthorized modification or alteration data or software, either in transit or modify
file to achieve their malicious activity. Integrity
• Repudiation: involves denial of action or event by a user or system entity. Non-repudiation
• Information Disclosure: this breaks the security principle of confidentiality.
• DOS: Aim to distract or disable the service. Availability
• Elevation of privilege: can break any of CIA involve unauthorized escalation of user privileges or
access rights within a system, they claim higher privileges to attempt their activities.
Pros: Comprehensive coverage. Clear categorization, Scalable from small to large scale.
Cons: Simplistic categorization, lack of prioritization its just give framework, limited guidance on
Countermeasures.