About Threat Modeling

Threat modeling is a structured process with these objectives: 

identify security requirements, pinpoint security threats and potential vulnerabilities, quantify threat and vulnerability criticality, and prioritize remediation methods.

Threat modeling methods create these artifacts:

• An abstraction of the system
• Profiles of potential attackers, including their goals and methods
• A catalog of threats that could arise

How does threat modeling work?

Threat modeling works by identifying the types of threat agents that cause harm to an application or computer system. 

It adopts the perspective of malicious hackers to see how much damage they could do. When conducting threat modeling, organizations perform a thorough analysis of the software architecture, business context, and other artifacts (e.g., functional specifications, user documentation). This process enables a deeper understanding and discovery of important aspects of the system. 

Threat Modelling Training Course in London

An excerpt from a 2 day JBI Threat Modelling training course showing an agile architecture session.

Advantages of threat modeling

When performed correctly, threat modeling can provide a clear line of sight across a software project, helping to justify security efforts. The threat modeling process helps an organization document knowable security threats to an application and make rational decisions about how to address them. Otherwise, decision-makers could act rashly based on scant or no supporting evidence.

Overall, a well-documented threat model provides assurances that are useful in explaining and defending the security posture of an application or computer system. And when the development organization is serious about security, threat modeling is the most effective way to do the following:

• Detect problems early in the software development life cycle (SDLC)—even before coding begins.
• Spot design flaws that traditional testing methods and code reviews may overlook.
• Evaluate new forms of attack that you might not otherwise consider.
• Maximize testing budgets by helping target testing and code review.
• Identify security requirements.
• Remediate problems before software release and prevent costly recoding post-deployment.
• Think about threats beyond standard attacks to the security issues unique to your application.
• Keep frameworks ahead of the internal and external attackers relevant to your applications.
• Highlight assets, threat agents, and controls to deduce components that attackers will target.
• Model the location of threat agents, motivations, skills, and capabilities to locate potential attackers in relation to the system architecture.

Learn more about THREAT MODELLING training course
 

A "World Class" course - Learn how to identify Vulnerabilities and tackle them with Threat Models.

Threat modelling is a process to identify security weaknesses in software design and architecture, and define countermeasures that mitigate the malicious effects of the discovered weaknesses before any code is cut. Our training course is designed for software developers and architects in mind. Threat modelling is language-agnostic. It can be easily used for any software development project and with any modern workflow such as Agile or DevOps. The analysis work is done on the design of the software system in order to improve the quality of the code that will be delivered in-sprint.

• Gain an overview of secure SDLC and understand how threat modelling fits in
• Understand where and how Agile architecture fits in
• Gain an introduction to several common security classification systems
• Define elements of software that are security concerns
• Explore threat model types
• Learn about the traditional threat model process
• Discover dependencies
• Understand the Rapid Threat Model Prototyping (RTMP) process
• Apply Zones of Trust and use Zone rules to find threats
• Understand how to quickly classify threats
• Learn mitigation analysis
• Integrate RTMP in an Agile/DevOps process

Threat Modeling FAQs
 

What is threat model explain?

A threat model is a structured representation of all the information that affects the security of an application. In essence, it is a view of the application and its environment through the lens of security.

What are the five stages of threat modeling?

There are five major threat modeling steps:

• Defining security requirements.
• Creating an application diagram.
• Identifying threats.
• Mitigating threats.
• Validating that threats have been mitigated.

What is the first step in threat modeling?

The first step in the threat modeling process is concerned with gaining an understanding of the application and how it interacts with external entities. This involves: Creating use cases to understand how the application is used.

When should threat modeling be initiated?

While threat modeling should take place as early as possible, it's still a very useful activity no matter how close an application is to deployment or has been in production. While an app may have reached the end of its development cycle, you can still pick up threat modeling within the support cycle.

Why do we conduct threat modeling?

The purpose of threat modeling is to provide defenders with a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker.

Who is responsible for threat modeling?

If your organization has a so-called Red Team, then they could be a great fit for this role; if not, you may want to have one or more members of your security operations or engineering team play this role. Or alternately, bring in a third party who is specialized in this area.