Modeling a Web Application - benjamin-s-hobbs/reading-notes GitHub Wiki
Modeling a Web Application
From: Application Threat Modeling
A Beginners Guide To The STRIDE Security Threat Model
- Explain threat modeling using real-world non-technical examples.
  - People naturally conduct a small degree of threat modeling in their daily lives. When something matters to you, it makes sense to protect it. Thinking proactively about the situation and then taking steps to ensure a favorable outcome is essentially threat modeling.
  - Having children? When a woman is pregnant, there are considerations to be made. What hospital do we want? Do we know the best route? What are the emergency numbers? Who should we contact? What information will we need? What will we need to bring? How should we prepare?
- What are the four questions that can help us organize threat modeling?
  - What are we working on?
  - What can go wrong?
  - What are we going to do about it?
  - Did we do a good job?
- You are the project lead for a new application. How would you explain the benefits of threat modeling to the rest of the team?
  - Threat modeling provides a clear "line of sight" across a project. What does that mean? Think of it this way: you are tasked to work on a project (or you are a visionary, and this project is your creation). Threat modeling is a proactive approach: it is the "clear line of sight" that leads through the valley of uncertainty to Quality Assurance Mountain, blazing a path of due diligence. Concretely, each identified threat can be traced to a decision about what to do about it and to evidence that the decision worked, which is what the fourth question ("Did we do a good job?") asks. You can rest assured (and be able to demonstrate or prove) that steps were taken to offset threats to your project.