What is Threat Modelling in web application security?
Threat Modelling, as the name implies, is an activity performed to discover and mitigate threats. Businesses require a detailed, high-level picture of existing threats. It is not just a matter of listing all the threat vectors present in the environment but of ranking them from the top down. This helps focus decision making, prioritize action plans and determine how well an organization uses its resources in the process.
In a web application security testing methodology, threat modelling plays a crucial role. The risk assessment models both the attack and defence sides of an entity such as data, systems and the environment. The fundamental need behind threat modelling is to use the limited security resources available to the fullest.
How is Threat Modelling performed?
Typically, threat modelling involves thinking like a potential attacker. You ask questions like 'What do you have that is worth attacking?', 'How will the attack run?', and 'Where might the attacker start from?'. The process also uses visual aids that let organizations clearly understand and identify threat vectors efficiently.
To understand the modelling process easily, let us take the example of your house and see how threat modelling ensures protection. When threat modelling this scenario, the first thing you do is sketch each floor of the house and the points of entry, such as windows and doors. Then you work out what a thief would look to steal from the house. Next, you identify the ways they could get inside. And finally, you look for protection against these (locks, cameras, alarms and a safe).
Threat modelling is one of the major web application security requirements. Web applications do not stand by themselves but connect to other system elements like operating systems, web servers, application servers and data stores. These elements in turn connect to a wide range of devices and subparts. Hence, threat modelling should not be confined to web applications and should have a larger scope that incorporates these other elements.
Who should conduct Threat Modelling?
In Threat Modelling, you could think of bringing all stakeholders together with security experts. By doing that, you get different perspectives and details from separate ends of your business that would otherwise go missing. It also wouldn't be strange to involve subcontractors, business partners or customers within the scope of threat modelling.
A simple way of doing this is to ask the staff of each team to pretend they are attacking your business. What do they expect to be most valuable and worth compromising or stealing from the business?
You could expect responses like development teams saying the codebase involves open source and unique algorithms. Likewise, the sales team would sometimes go for webpage defacement and how it can impact your brand value. You may also get an opinion from office administrators on how easily a server room can be physically accessed.
Where and when to perform Threat Modelling?
As cited earlier, Threat Modelling plays a significant part in web application security testing services. The exercise could begin at the start of app development and must not cease, being a crucial part of information security risk management. There is a golden phrase in security: the earlier you detect threats, the more ways you have to protect and the lesser the impact. So, as soon as your business thinks of developing a web app, security experts need to model potential threat vectors. That means threat modelling should be incorporated early into the software development lifecycle (SDLC) process.
Because technologies and systems constantly evolve, threat modelling can never cease. Whenever a change happens in your environment, the potential threats it relates to should be evaluated. Even a minute shift introduces a new threat possibility. Correspondingly, you need to extend threat modelling beyond the borders of your entity. The process should never be limited to your business assets but must involve business partners, users, etc. With this, you can build robust protection against direct and indirect threats.
Different stages of Threat Modelling
Threat Modelling is divided into 4 stages, namely:
- Threat Enumeration
What is the easiest and most convenient way of detailing how your system gets built? It is diagramming, as diagrams are easy for most people to understand. Have you heard of the term DFDs? Data Flow Diagrams (DFDs) are the most popular form of diagramming used in Threat Modelling. DFDs focus on data and let you figure out trust boundaries.
After you get the initial diagrams, all parties look at them from their own perspectives and try to dig out security faults. Threat enumeration/mitigation uses multiple tools and techniques that help cover all threat categories, meeting web application security requirements. It also includes building attack trees and designing appropriate security controls. The verification phase then lets you validate the mitigation efforts.
While performing threat intelligence for web apps, one of the significant threat types to identify is web application vulnerabilities. Typically, during threat enumeration, you need to determine whether your web app is open to the OWASP Top 10 attacks. Likewise, penetration tests are yet another vital exercise to perform during threat enumeration and mitigation.
Thankfully, organizations could easily rely on web application security testing services from a trusted consultancy like ValueMentor. We can help you prioritize and manage issues effectively.
What Threat Modelling approaches do you require?
Different methodologies exist that you can use for threat modelling. The most prevalent one is STRIDE, designed by Microsoft in 1999. The name stands for six key elements you should consider while doing threat modelling: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privileges.
Further, there are methodologies like PASTA (Process for Attack Simulation & Threat Analysis), VAST (Visual, Agile, and Simple Threat modelling), TRIKE and many more. Threat modelling methodologies rely on your system architecture, business objectives and requirements. To select the right one, you must do thorough research that goes beyond the insights reflected in this article.
So, let's conclude the article by quickly wrapping up some of the best benefits organizations could see from Threat Modelling for web apps. These include:
- Threat modelling complements other security exercises such as penetration testing and code reviews, helping design a more secure system architecture.
- It helps engineering teams better understand app interactions with internal and external systems.
- It helps define the true security posture of web applications.
- It helps uncover potential threats and vulnerabilities present in an application.
- Initial stage threat modelling helps identify architectural faults or defects sooner.
- It lets development teams make security trade-offs and determine different levels of risk.