Common threat lists with examples can help in the identification of such threats. From the defensive perspective, ASF categorization helps to identify the threats as weaknesses of security controls for such threats. These threats can be classified further as the roots for threat trees there is one tree for each threat goal. DFDs produced in step 1 help to identify the potential threat targets from the attacker’s perspective, such as data sources, processes, data flows, and interactions with users. The goal of the threat categorization is to help identify threats both from the attacker (STRIDE) and the defensive perspective (ASF). A threat categorization such as STRIDE can be used, or the Application Security Frame (ASF) that defines threat categories such as Auditing & Logging, Authentication, Authorization, Configuration Management, Data Protection in Storage and Transit, Data Validation, and Exception Management. Step 2: Determine and Rank ThreatsĬritical to the identification of threats is using a threat categorization methodology. The DFDs show the different paths through the system, highlighting the privilege boundaries. It is also used to produce data flow diagrams (DFDs) for the application. This information is documented in a resulting Threat Model document.
This document describes a structured approach to application threat modeling that enables you to identify, quantify, and address the security risks associated with an application. Determine Countermeasures and Mitigation.Step 3: Determine Countermeasures and Mitigation.
Using a simple case study-a billing system for a media server that serves ads-Adam shows how to apply the principles and find security and privacy problems so the developer can include appropriate configurations and controls as part of the operational design and rollout.
Instructor Adam Shostack also reviews the STRIDE model for identifying six types of threats: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. This training course provides an overview of the traditional four-question framework for (1) defining what you're working on, (2) discovering what can go wrong, (3) deciding what to do about it, and (4) ensuring you've done the right things in the right ways for the systems you're delivering.
Threat modeling is a framework for thinking about what can go wrong, and the foundation for everything a security professional does. In the twenty-first century, no one doubts the importance of cybersecurity.