Read 29 401 - jserpa-p/lisbon-ops-301n1_Reading GitHub Wiki
Modeling a Web Application
Threat Modeling
Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value. A threat model should include: a description of the subject to be modeled; assumptions that can be checked or challenged in the future as the threat landscape changes; potential threats to the system; actions that can be taken to mitigate each threat; a way of validating the model and its threats; and verification that the actions taken succeeded.
Updating threat models is advisable after events such as a new feature release, a security incident, or architectural or infrastructure changes.
Threat Modeling: Four Question Framework
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good job?
The threat model allows security decisions to be made rationally, with all the information on the table.
Important concepts
STRIDE
- Spoofing
Spoofing involves pretending to be someone or something you're not, often with the intention of tricking others. It can happen in various ways, like email spoofing or caller ID spoofing, and is usually done to manipulate people into divulging personal information or falling for scams.
- Tampering
Tampering means secretly changing or altering something without permission. It can happen with physical objects or digital files. It's like messing with things to deceive or manipulate them, often to hide actions or mislead others.
- Repudiation
Repudiation means denying or rejecting something you did, even if there is evidence against you. In the digital world, it usually happens when someone denies doing something online, like making a purchase, even when there's proof they did. It creates problems because it's hard to prove who is telling the truth and can cause trust issues.
- Information Disclosure
Information disclosure means accidentally or wrongly sharing private or sensitive information with the wrong people. It can happen online when data gets exposed or sent to the incorrect recipients. This can cause problems like identity theft or damage to one's reputation.
- Denial of Service
Denial of Service (DoS) is when someone purposely overwhelms a computer system or website to make it stop working. It's like flooding a store with so many customers that no one can get in or shop. This can disrupt services and cause problems for users trying to access the system or website.
- Elevation of Privilege
Elevation of privilege means getting more power or control than you should have. It happens when someone finds a way to bypass security measures and access sensitive information or perform actions they're not supposed to. This can cause serious problems for system security and data protection.
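The four questions and the STRIDE categories can be kept as a small checkable model rather than a document that goes stale. The following is an added example (not part of the original notes) that records constructed threats for a toy web application and reports gaps for questions 2, 3 and 4: component/category pairs nobody assessed, threats with no mitigation, and mitigations never verified. The component names and threats are illustrative assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Stride(Enum):
    SPOOFING = "Spoofing"
    TAMPERING = "Tampering"
    REPUDIATION = "Repudiation"
    INFORMATION_DISCLOSURE = "Information Disclosure"
    DENIAL_OF_SERVICE = "Denial of Service"
    ELEVATION_OF_PRIVILEGE = "Elevation of Privilege"

@dataclass
class Threat:
    component: str          # Q1: what are we working on?
    category: Stride        # Q2: what can go wrong?
    description: str
    mitigation: str = ""    # Q3: what are we going to do about it?
    verified: bool = False  # Q4: did we do a good job? (mitigation tested)

# Constructed sample model for a small web app; components and threats are illustrative.
COMPONENTS = ["login form", "session cookie", "orders API"]
THREATS = [
    Threat("login form", Stride.SPOOFING, "password guessing against user accounts",
           mitigation="rate limiting and MFA", verified=True),
    Threat("session cookie", Stride.TAMPERING, "client edits cookie to change user id",
           mitigation="server-side session store, HttpOnly + Secure cookie"),
    Threat("orders API", Stride.REPUDIATION, "customer denies placing an order"),
    Threat("orders API", Stride.DENIAL_OF_SERVICE, "request flood exhausts workers",
           mitigation="per-client rate limits and autoscaling", verified=True),
]

def unmitigated(threats):
    """Question 3 gap: threats with no planned mitigation."""
    return [t for t in threats if not t.mitigation]

def unverified(threats):
    """Question 4 gap: mitigations planned but never checked."""
    return [t for t in threats if t.mitigation and not t.verified]

def uncovered(threats, components):
    """Question 2 gap: (component, STRIDE category) pairs nobody has assessed yet."""
    seen = {(t.component, t.category) for t in threats}
    return [(c, s) for c in components for s in Stride if (c, s) not in seen]

if __name__ == "__main__":
    for t in unmitigated(THREATS):
        print(f"NO MITIGATION  {t.component}: {t.category.value} - {t.description}")
    for t in unverified(THREATS):
        print(f"UNVERIFIED     {t.component}: {t.mitigation}")
    print(f"{len(uncovered(THREATS, COMPONENTS))} component/category pairs not yet assessed")
```

Re-running the script after a release, an incident or an architecture change is one concrete way to act on the "when to update" advice above.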
Questions
- Explain threat modeling using real-world non-technical examples.
Threat modeling is like planning ahead for potential risks in real-life situations. For example, when you're preparing for a vacation, you think about what could go wrong (like losing your belongings or falling for scams) and take steps to prevent those problems. It's about being proactive and making sure you're prepared for possible risks to have a safer and smoother experience.
- What are the four questions that can help us organize threat modeling?
You can see the four questions above in "Threat Modeling: Four Question Framework".
- You are the project lead for a new application. How would you explain the benefits of Threat Modeling to the rest of the team?
Threat modeling is crucial for our new application. Here's why:
- Find Risks Early: Threat modeling helps us identify risks and vulnerabilities early in the development process. This means we can address them before they become big problems.
- Saves Money: By dealing with security issues early, we save time, effort, and resources in the long run. It's cheaper to prevent problems than to fix them later.
- Stronger Security: With threat modeling, we can design and implement security measures tailored to our application's specific risks. This ensures better protection for user data and prevents unauthorized access.
- Team Collaboration: Threat modeling involves everyone on the team, promoting collaboration and increasing security awareness. We can work together to find solutions and build a security-conscious culture.
- Compliance and Trust: By incorporating threat modeling, we show our commitment to meeting security standards and regulations. This builds trust with users and stakeholders.
Let's integrate threat modeling in our development process to build a secure application that users can trust!