While ‘Threat Modeling’ is a vast topic and there are numerous sub-topics which can be discussed, here is brief post about the different aspects of ‘Threat Modeling’. ‘Threat Modeling’ in common layman terms figures the things that can go wrong in any system and the ways in which these wrong things can be corrected. This in turn makes systems safe and secure.
What is ‘Threat Modeling’?
In technical jargon, ‘Threat Modeling’ is a proactive approach and it involves identifying threats, vulnerabilities in a system which can then appropriately be mitigated. The security and privacy posture of the system can be improved by performing threat modeling. The “threats” that are received post the threat modeling process can be used to make informed decisions in the design, development and post deployment stage.
Subconsciously, we are all doing ‘threat modeling’ in some way or other. Some simple examples may be – we build a house and make it strong enough to withstand the effects of rain, snow, wind and other weather conditions.
Who can do ‘Threat Modeling’?
Anyone who is involved in the SDLC can perform the “threat modeling” process. All developers, software designers and architects can do threat modeling. It can be applied to systems, networks, applications, distributed systems.
When can ‘Threat Modeling’ be done?
‘Threat Modeling’ can be done at any stage in the SDLC but it is good to do it continuously over the entire life cycle. This will ensure that all threat vectors will be caught immediately and instantly mitigated. The ‘threat model’ that is created initially might be more high-level while the threat models that follow later on in the SDLC might be more refined and it can detect more threat vectors.
What is the Threat Modeling Manifesto?
The ‘Threat Modeling Manifesto’ helps us to perform the ‘Threat Modeling’ process efficiently by asking some key questions. These are some key questions we can ask before performing ‘Threat Modeling’:
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good job?
What are the different Threat Modeling methodologies that are present?
While no one methodology is recommended over the other to do Threat Modeling and it depends on each organization, there are a number of threat modeling methodologies, some of which are listed below:
A. STRIDE
B. PASTA
C. LINDDUN
D. CVSS
E. Trike
F. VAST
G. OCTAVE
How is Threat Modeling done?
According to the OWASP site, threat modeling is done by following a three step process.
- Decompose the application
- Determine and Rank Threats
- Determine Countermeasures and Mitigation (Reference: https://owasp.org/www-community/Threat_Modeling_Process)
We have seen a brief overview of ‘Threat Modeling’ in this post. Let us delve more into this interesting topic in subsequent posts!