Threat modelling overview for predicting cyber attacks


Threat modelling is a method for proactively identifying, categorising, and analysing potential threats. Threat modelling can be used as a proactive measure during the software design, software development, product release phase or as a reactive measure once a product has been created. In any scenario, the process identifies potential system dangers, their likelihood of occurrence, the priority of concerns, and methods to eliminate or mitigate the hazard.

Threat modelling isn’t supposed to be a one-time thing. Instead, it’s intended to begin early in a system’s design process and continue throughout its existence.

A defensive approach to threat modelling takes place during the early stages of product development, specifically during initial design and specification establishment. Product development may adopt secure development best practices to ensure credible encryption algorithms are deployed. This method is based on predicting threats and designing specific defences during the coding and crafting processes. In most cases, integrated security solutions are more cost-effective and more successful than those shoehorned in later. While not a formal phrase, this approach to threat management might be termed proactive.


Unfortunately, not all risks can be anticipated during the product design process, so a reactive threat management method is still required to deal with unforeseen situations. This method is sometimes referred to as “threat hunting” or an adversarial approach. An adversarial approach to threat modelling is applied after a product has been produced and delivered. This deployment could take place in a test or laboratory setting or in the open market.

Threat hunting is the underlying notion behind ethical hacking, penetration testing, source code review, and fuzz testing. Although these methods are often effective in identifying defects and threats, they necessitate more coding time to implement new defences, which are usually published as patches. As a result, security patches are less effective than defensive threat modelling, and they carry the risk of diminished functionality and user-friendliness.

Threat Modeling Agenda

Because there are virtually unlimited risks, it’s critical to adopt a structured IT strategy to effectively identify relevant threats. Some businesses, for example, employ one or more of the following three strategies:

High value asset identification: This strategy makes use of IT asset appraisal results to try to spot dangers to valued assets.

Attacker strategy: Based on the attacker’s objectives, aims, strategies, techniques, and procedures, some companies can detect potential attackers and the threats they pose.

Review of the software development process: When a company develops a product, it should hold a deep discussion about potential security vulnerabilities, and review cloud endpoints, the number of third-party API calls, and database connection entities used in software development.

Threat Modelling Methodologies

Usually, there are seven renowned threat modelling methodologies that are helpful to utilise as a guide or reference while trying to inventory and categorise hazards.

7 best threat modeling methodologies

  1. STRIDE
  2. DREAD
  3. PASTA
  4. VAST
  5. Trike
  6. OCTAVE
  7. NIST

The STRIDE threat model was developed by Microsoft to categorise threats. The abbreviation STRIDE stands for the following:

Spoofing: An attack with the purpose of getting access to a target system by impersonating someone else. When an attacker impersonates a legitimate or authorised entity, they can often get beyond filters and blockades that prevent illegal access.

Tampering: Any action that causes unauthorised data alterations or manipulation in transit or storage.

Repudiation: The ability of a user or attacker to maintain plausible deniability while denying performing an action or activity. Innocent third parties may be blamed for security breaches as a result of repudiation attacks.

Information disclosure: The revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.

Denial of service (DoS): An attack that tries to prevent a resource from being used by authorised users. This can be accomplished by exploiting flaws, overloading connections, or flooding traffic.

Elevation of privilege: A type of attack in which a limited user account is upgraded to one with more privileges, powers, and access.
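The following is an added example, not code from the original post: it applies the STRIDE categories above to a small data-flow model and ranks the resulting threats by the asset value from the high value asset identification strategy described earlier. The mapping of element kinds to STRIDE categories follows Microsoft's STRIDE-per-element chart, which the post does not spell out, and the system model and asset values are constructed.

```python
# Added example: enumerate STRIDE threats for a small data-flow model using
# the STRIDE-per-element mapping from Microsoft's SDL. The model and asset
# values below are constructed for illustration.
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Which STRIDE categories apply to which kind of data-flow-diagram element
# (Microsoft SDL STRIDE-per-element chart; assumption, not stated in the post).
PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str          # one of the PER_ELEMENT keys
    asset_value: int   # 1 (low) .. 5 (high), taken from the asset appraisal


def enumerate_threats(elements):
    """Return (asset_value, element_name, category) triples, highest value first."""
    threats = []
    for e in elements:
        if e.kind not in PER_ELEMENT:
            raise ValueError(f"unknown element kind: {e.kind}")
        for code in PER_ELEMENT[e.kind]:
            threats.append((e.asset_value, e.name, STRIDE[code]))
    # High value asset identification: rank threats by the asset they touch.
    return sorted(threats, key=lambda t: (-t[0], t[1], t[2]))


# Constructed model of a simple web application.
MODEL = [
    Element("Browser user", "external_entity", 2),
    Element("Web API", "process", 4),
    Element("Customer DB", "data_store", 5),
    Element("API -> DB query", "data_flow", 4),
]

if __name__ == "__main__":
    for value, name, category in enumerate_threats(MODEL):
        print(f"[{value}] {name}: {category}")
```

The ranked list is the inventory of hazards the post describes; each entry is a candidate for a specific mitigation decided during design.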

Author Details

This blog is written by Amit Kumar, Head of Engineering at Checkmate Global Technologies. You can reach out to him if you are planning to adopt secure development best practices or looking for a reliable offshore technology partner for MVP development. You can also reach out to our technical consultants. We offer dedicated development to manage the entire product engineering operation, including Cloud DevOps engineering, production operation management, data engineering services and mobile app development. For more details, book a call with our consultants today!

#CyberSecurity #SoftwareDevelopmentOutsourcing #Cloudcomputing #DevOpsmanagment
