Goal: The goal of threat modeling is to reduce risk, and it can be applied as a repeatable process. It has numerous benefits. In this post, we will learn to answer the following questions:
What is Threat Modelling?
You have built a web app which allows visitors to subscribe to a mailing list and sign up for an account. When you systematically list all the potential ways one can attack your application, that is threat modelling in a nutshell. Remember two key terms. The first is "Systematic Approach": threat modelling should be a repeatable process in the SDLC. The second important key term is "Abuse": you are constantly looking at attacks in order to find vulnerabilities. Another approach is to develop probable threat scenarios and a list of threats. It's a holistic approach to reducing the risk of an application.
Bug - Software Defects
Vulnerability - Weakness that can be exploited
Attack/Incident - Needs a target, a threat vector (the path an attacker can take to exploit the vulnerability) and a threat actor.
Threat Surface - Anything that can be obtained, used or attacked by a threat actor
Risk - Risk = Impact * Likelihood
Why should you do Threat Modelling?
Remember, the goal is risk reduction. There are other methodologies that serve the same purpose as well, for example Penetration Testing, Source Code Analysis, Architectural Risk Analysis and Vulnerability Scanning. Let's discuss the reasons to use threat modelling.
Who Should Threat Model?
When to perform Threat modelling?
Threat Modeling Approaches
We will discuss the following approaches to threat modeling. The end goal will be to generate a list of threats.
Example Scenario - A simple web application. Anonymous users can visit the website. The site runs a Content Management System and only authorized users can access it. A mailing component sends out web mails.
Asset-Centric/Risk Approach: In this approach we focus on the things you want to protect, for example: databases, email accounts, account credentials, servers.
Attacker-Centric/Security Approach: This approach is preferred by pentesters. You'll need a team of highly qualified security engineers to succeed with this approach.
Application-Centric Approach: Think about the application and get familiar with it.
Step 1: Draw a diagram of the application, for example a Data Flow Diagram.
Step 2: List threats for each element. STRIDE (Threat Classification Model), OWASP Top 10
Step 3: Rank threats using a classification model
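The three steps applied to the example scenario, as an added example that is not part of the original post: the scenario is written down as data flow diagram elements, threats are listed per element with the commonly used STRIDE-per-element chart, and they are ranked with Risk = Impact * Likelihood. The content database, the two data flows, every impact and likelihood score and the default likelihood of 2 are assumptions made for illustration.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element: categories that apply to each DFD element type.
APPLIES = {"external_entity": "SR", "process": "STRIDE",
           "data_store": "TRID", "data_flow": "TID"}

@dataclass
class Element:
    name: str
    kind: str         # key of APPLIES
    impact: int       # 1 (low) to 5 (high); constructed score
    likelihood: dict  # STRIDE letter -> 1..5; constructed, default 2

# Step 1: the example scenario as DFD elements (names and scores constructed).
ELEMENTS = [
    Element("Anonymous visitor", "external_entity", 2, {"S": 3}),
    Element("CMS editor", "external_entity", 4, {"S": 4}),
    Element("Web application (CMS)", "process", 5, {"E": 4, "T": 3}),
    Element("Mail component", "process", 3, {"S": 4, "D": 3}),
    Element("Content database", "data_store", 5, {"I": 3}),
    Element("Sign-up form -> web application", "data_flow", 3, {"T": 3}),
    Element("Web application -> mail component", "data_flow", 2, {}),
]

def enumerate_threats(elements):
    """Step 2: one candidate threat per element and applicable category."""
    threats = []
    for el in elements:
        for letter in APPLIES[el.kind]:
            threats.append({
                "element": el.name,
                "category": STRIDE[letter],
                # Risk = Impact * Likelihood, as defined earlier in the post.
                "risk": el.impact * el.likelihood.get(letter, 2),
            })
    return threats

def rank(threats):
    """Step 3: highest risk first; element and category break ties."""
    return sorted(threats, key=lambda t: (-t["risk"], t["element"], t["category"]))

if __name__ == "__main__":
    for t in rank(enumerate_threats(ELEMENTS))[:5]:
        print(f'{t["risk"]:>2}  {t["category"]:<24} {t["element"]}')
```

The output is a candidate list to review with the team, not a finished threat model: each row still needs a concrete scenario and a decision on mitigation.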
Threat Modeling Methodologies
In this section, we will discuss threat modeling methodologies that follow the asset-centric and application-centric approaches.
PASTA - Process for Attack Simulation and Threat Analysis
This is a threat modeling and threat analysis process. It's an asset-centric approach with 7 stages.
Microsoft Threat Modeling
It's a threat modeling framework. It focuses on technical risk and is a developer-driven approach.
Octave - Operationally Critical Threat, Asset and Vulnerability Evaluation
Visual Agile Simple Threat Modeling
Two Threat Model Types
Good for companies following Agile
What is the best methodology?
Choose a methodology based on team, organization and objective.
Asset Centric - PASTA
Application Centric - Microsoft Threat Modeling