Efficient Threat Modeling for Secure and Compliant Software at Scale

Threat modeling is a proactive process that identifies potential attacks to an important asset so mitigations can be developed prior to any negative impact.

 

Building secure software is increasingly important to organizations. Regulators demand it, customers demand it, and leading companies understand that a documented and evidence-based secure development program can provide a competitive advantage.

 

Threat modeling can provide the foundation of such a program.

Using threat modeling during the requirements phase of the Software Development Life Cycle (SDLC) allows development and security to reach agreement on how the application is built – including required mitigations and controls – and more accurately forecast delivery commitments.

Threat modeling allows teams to anticipate weaknesses in an application that an adversary could exploit and identify countermeasures and controls to mitigate those weaknesses. These countermeasures and controls become non-functional security requirements development and operations can implement alongside the functional product requirements. This proactive approach reduces the number of vulnerabilities that would otherwise be identified by security testing later in the development process (or completely overlooked!).

Historical threat modeling techniques such as the ‘Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of Privilege' (STRIDE) and ‘Process for Attack Simulation and Threat Analysis' (PASTA) are still renowned for their meticulous manual methods.

 

Notably, STRIDE has been a reliable framework since its inception in 1999 by Microsoft.

 

In contrast, the ‘Common Vulnerability Scoring System' (CVSS), developed by the ‘National Institute of Standards and Technology' (NIST), often complements these traditional techniques, lending a more holistic approach to threat assessment.

 

Likewise, the application of attack trees further fortifies this comprehensive methodology, often used in combination with other threat modeling frameworks.

 

Other noteworthy methodologies making a significant difference in the cybersecurity landscape encompass:

 

• The Security Cards
• ‘Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance' (LINDDUN)
• Operationally Critical Threat, Asset, and - Vulnerability Evaluation' (OCTAVE)
• ‘Hybrid Threat Modeling' (hTTM)
• ‘Quantitative Threat Testing Methodologies' (Quantitative TTM)
• ‘Visual, Agile, and Simple Threat modeling' (VAST)

It’s worth mentioning that every threat modeling methodology, old or new, plays a vital role in ensuring the best possible security measures are in place to tackle potential cyber threats.