8 February 2018
The need for increased application security is dramatically changing the way software is built – for the better. By prioritising security during development, programmers are able to build applications that are less vulnerable to hacking and exploitation once deployed.
In the age of the Global Data Protection Act, businesses need to be sure that their applications, and the data contained in them, are safe from hackers.
Threat modelling – what it is
Threat modelling is a structured process for identifying and quantifying security risks associated with your applications. The idea is to assess software from a cyberattacker’s point to view, trying to spot weaknesses and vulnerabilities that could be used to compromise the system.
By mapping out data and process flows, developers are able to visualise weaknesses, and to prioritise and program the necessary fixes. Threat modelling provides a framework for these processes to be templated and repeated on all future projects too. A well designed framework offers flexibility for use with other diagramsOften threat modelling takes place prior to development starting, although the process can also be applied to mature applications. A threat modelling framework is typically concerned with application vulnerabilities and the data stored (or accessible) in an app, rather than the actual code which causes the issues.
Threat modelling – what it isn’t
Because threat modelling and security code reviews both take place during the development phase, they are sometimes confused – but they are not the same thing. Threat modelling seeks to identify weak points in the design of a system, while code reviews are intended to catch problems that have already been coded.
Importantly, threat modelling can take place at any point of the development process, from pre-code planning through to analysis of a deployed application. Code reviews can only take place once development has begun.
Threat modelling is intended to be a flexible framework that supports an iterative testing regime. It is not a one-off exercise, but a discipline that needs to be invoked several times during a software development project.
Why should your developers receive threat modelling training?
The Open Web Application Security Project (OWASP) classify threat modelling as an essential aspect of designing secure applications. Effective threat modelling is more involved than simply trying to think like a cyberattacker however.
Integrating threat modelling with existing Agile / DevOps / Continuous Integration developer workflows will require your development teams to create new processes. Threat modelling training provides a detailed overview of the necessary disciplines, and how to identify and resolve application security issues according to OWASP best practice.
“As well as implementing threat modelling as a key aspect of in house application development, employers must also seriously consider placing their programmers on Secure Java or ASP.NET training courses to ensure they can properly deal with the issues identified,” says JBI’s application security expert George Hill, “Without that additional training, it is unlikely that applications will ever be properly secured – even if all the inherent vulnerabilities have been identified.”
This understanding will be crucial to building more secure applications in future. It is also important to note OWASP best practice calls for threat modelling and code review exercises to create all-round secure applications.
To learn more about building secure applications and threat modelling training courses, please get in touch.