Application Threat Modeling
October 13, 2020
Modern hackers often use advanced techniques, such as evading endpoint security and bypassing intrusion detection systems (IDS) and web application firewalls (WAF), to break into companies’ networks and steal or compromise sensitive data. An attacker may not even need full administrative or root privileges on an application server to accomplish these goals. As a result, it’s critical to secure applications and the data they use.
A variety of techniques inform the secure software development lifecycle (SDLC), with one of the most important being application threat modeling (which is implemented during the design process).
Application threat modeling visualizes an application's attack surface to identify threats and vulnerabilities that pose a risk to functionality or data. By decomposing the application architecture into its security-relevant components, teams can better understand the various threats and risks the application might face.
Development teams should understand that threat modeling isn’t a one-time activity – it’s iterative. When the application changes (e.g., applying bug fixes, introducing new features, optimizing the application for quicker load, etc.), the threat model needs to be updated.
Performing threat modeling at the beginning of the secure SDLC process, when the application is being built, helps development teams identify attack surfaces and entry points which an attacker could use to breach the security of the application. Performing threat modeling during the design phase is, on average, cheaper than doing it at a later stage because of the resulting remediation costs. For example, correcting an architectural flaw during the design phase after threat modeling is much easier than during development or testing phases, after significant engineering time has already been spent.
Threat modeling helps structure developer thinking about system security by adopting an attacker's perspective. Documentation from this process provides application teams with a useful "defender analysis" of probable attacker profiles, the most likely attack vectors and the assets most desired by adversaries.
How to Perform Threat Modeling?
There is no one definitive way to perform threat modeling. Several methods can be used to achieve the same objective. The four main steps are noted here.
Figure 1: Threat Modeling Steps
Threat modeling helps development teams adopt an attacker's mindset and think offensively to better understand the value of a system, its assets and potential threats. This aids dev teams in designing a more secure system that’s resistant to attacks.
The benefits of threat modeling include:
Threat modeling can be classified into the following categories:
Software-centric threat modeling has become the de facto method for threat modeling in the last few decades.
With Agile development methodologies and DevOps taking center stage in recent years, applying traditional threat modeling to modern workstreams requires a significant cultural shift and is likely to cause too much friction. In these cases, it’s better to embrace a security-focused mindset throughout the software development lifecycle. Unfortunately, threat modeling cannot be fully automated, as it's a mostly manual activity.
Threat modeling in Agile is by necessity different than in Waterfall or other software development methods. As the Agile methodology is based on fixed timeframes of work (sprints), an approach like a time-boxed STRIDE methodology can be applied. In this case, each threat modeling activity is given a specific duration of time (e.g. 30 minutes) and focuses only on a small subset of the application.
Threat modeling in Agile is performed by using short workshops that are scheduled within each sprint. Team collaboration and brainstorming play an important role here due to short release cycles. The workshop activities are:
Figure 2: Agile Threat Modeling Steps
Threat modeling across sprint phases:
Figure 3: Table summarizing threat model in Agile
The most common threat modeling methods used today include:
STRIDE is a tried and well-tested model for application threat modeling. Other methods may not scale well and may be helpful only in limited use cases. Some models, such as P.A.S.T.A, may require the use of questionnaires to gather information. Application engineers and owners may lack the expertise to effectively respond to the questions security teams often ask to produce a useful model. The attack tree method may require in-depth knowledge of the system environment and its associated components to prepare all possible relationship trees.
As threat modeling has continued to emerge, several tools have been developed to help in the creation and maintenance of threat models.
Here’s an example of a threat modeling diagram with threats derived using STRIDE.
Figure 4: Sample Threat Model
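As an added illustration (not part of the original article), the sketch below decomposes a small application into data flow diagram elements and lists the STRIDE categories to review for each, using the commonly cited STRIDE-per-element mapping. It goes slightly beyond the text by flagging flows that cross a trust boundary and by accepting a `scope` set for a time-boxed sprint session; the model, element names and trust zones are constructed for the example.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element: categories usually reviewed for each DFD element type
# (repudiation on a store matters when the store holds logs or audit data).
APPLICABLE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # external | process | store | flow
    zone: str = ""   # trust zone (not used for flows)
    src: str = ""    # flows only: source element name
    dst: str = ""    # flows only: destination element name

# Constructed sample model of a small web application (hypothetical names).
MODEL = [
    Element("browser", "external", zone="internet"),
    Element("web_api", "process", zone="dmz"),
    Element("orders_db", "store", zone="internal"),
    Element("login_request", "flow", src="browser", dst="web_api"),
    Element("order_query", "flow", src="web_api", dst="orders_db"),
]

def crosses_boundary(flow, model):
    """True when a flow's endpoints sit in different trust zones."""
    zones = {e.name: e.zone for e in model if e.kind != "flow"}
    return zones[flow.src] != zones[flow.dst]

def enumerate_threats(model, scope=None):
    """Return (element, category, crosses_trust_boundary) rows to review.
    scope limits the output to elements touched in the current sprint."""
    rows = []
    for e in model:
        if scope is not None and e.name not in scope:
            continue
        boundary = e.kind == "flow" and crosses_boundary(e, model)
        rows.extend((e.name, STRIDE[c], boundary) for c in APPLICABLE[e.kind])
    # Stable sort: boundary-crossing flows come first in the review list.
    return sorted(rows, key=lambda r: not r[2])

if __name__ == "__main__":
    for name, cat, boundary in enumerate_threats(MODEL, {"login_request", "web_api"}):
        print(f"{name:15} {cat:25} {'crosses trust boundary' if boundary else ''}")
```

Each row is a prompt for the workshop, not a finding: the team still decides whether the threat is credible for that element and what mitigation applies.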
The following are some of the free and commercial threat modeling tools currently in use: