Threat profile, validation report, residual risk

Threat Modeling
• Systematic
• Iterative
• Structured

Threat Modeling Benefits
• Addressing design flaws
• Reducing the need for redesign
• Reducing the need to fix security issues

Threat Modeling Challenges
• Time
• Mature SDLC
• Trained resources
• Preferential activity
• Business operations

Threat Modeling Security Objectives
• DLP
• Intellectual property
• High availability

Threat Modeling Use
• Software architecture teams identify threats
• Development teams implement controls and write secure code
• Testers generate test cases and validate controls
• Operations teams configure software securely

Threat Modeling Prerequisites
• Clearly defined information security policy and standards
• Awareness of compliance and regulatory requirements
• Clearly defined and mature SDLC process
• Plan to act on the threat model

Model Application Architecture – Creating an overview, identifying attributes
• Identify the physical topology – development of the application, internal only, demilitarized, hosted in the cloud
• Identify the logical topology – components, services, ports, protocols, identity and authentication
• Identify human and non-human actors of the system – customers, sales agent, system administration, DBA
• Identify data elements – product information, customer information
• Generate the data access control matrix – CRUD

Identify Threats
• Identify trust boundaries – where the trust level or privilege changes
• Identify entry points – search page, logon page, registration page, account maintenance page
• Identify exit points – display of information from within the system, search result page, view cart page
• Identify data flows – DFD
• Identify privileged functionality – elevation of privilege
• Introduce mis-actors – hackers, malware
• Determine potential and applicable threats – threat list, brainstorming
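The "Model Application Architecture" and "Identify Threats" steps above can be captured in a small, checkable model. The following Python is an added example written for this page, not code from the slides: it records actors, components and data elements with trust levels, the CRUD data access control matrix, and the DFD as a list of data flows, then derives three kinds of findings that seed the threat list: flows that cross a trust boundary (entry or exit points), flows whose CRUD operation the matrix does not grant the actor, and low-trust paths into privileged functionality (elevation of privilege). The trust levels, the tier names and the "price update" function are assumptions constructed for the example; the actors, data elements and page names come from the outline.

```python
"""Worked threat-model skeleton: actors, components, data elements, a CRUD
access-control matrix and data flows (the DFD as an edge list), followed by
three checks that feed the threat list. Everything here is constructed for
the example; the trust levels and the 'price update' function are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Trust level per actor/component: a higher number means more privilege.
# A data flow between nodes with different levels crosses a trust boundary.
TRUST: Dict[str, int] = {
    "Customer": 1,                 # human actor, authenticates via the logon page
    "Sales Agent": 2,              # human actor
    "System Administrator": 3,     # human actor
    "DBA": 3,                      # human actor
    "Web Tier (DMZ)": 2,           # component in the demilitarized zone (assumed)
    "App Tier (internal)": 3,      # internal-only component (assumed)
    "Database (internal)": 4,      # internal-only component holding the data (assumed)
}

# Data access control matrix (CRUD): actor -> data element -> allowed operations.
ACL: Dict[str, Dict[str, Set[str]]] = {
    "Customer":             {"product information": {"R"},
                             "customer information": {"C", "R", "U"}},
    "Sales Agent":          {"product information": {"R"},
                             "customer information": {"R"}},
    "System Administrator": {"product information": {"C", "R", "U", "D"}},
    "DBA":                  {"product information": {"C", "R", "U", "D"},
                             "customer information": {"C", "R", "U", "D"}},
}

# Privileged functionality: minimum actor trust level the function should demand.
REQUIRED_TRUST: Dict[str, int] = {
    "account maintenance page": 1,   # any authenticated actor
    "price update": 3,               # constructed example of an admin-only function
}


@dataclass(frozen=True)
class DataFlow:
    actor: str      # actor that initiates the flow
    source: str     # node the flow leaves
    target: str     # node the flow enters
    function: str   # entry/exit point (page) the flow uses
    data: str       # data element carried
    op: str         # CRUD operation performed on that data element


# Constructed DFD edges for a small web shop.
FLOWS: List[DataFlow] = [
    DataFlow("Customer", "Customer", "Web Tier (DMZ)", "search page", "product information", "R"),
    DataFlow("Customer", "Customer", "Web Tier (DMZ)", "registration page", "customer information", "C"),
    DataFlow("Customer", "Web Tier (DMZ)", "App Tier (internal)", "registration page", "customer information", "C"),
    DataFlow("Customer", "App Tier (internal)", "Database (internal)", "registration page", "customer information", "C"),
    DataFlow("Customer", "Database (internal)", "App Tier (internal)", "search result page", "product information", "R"),
    DataFlow("Sales Agent", "Sales Agent", "Web Tier (DMZ)", "account maintenance page", "customer information", "U"),
    DataFlow("Customer", "Customer", "Web Tier (DMZ)", "price update", "product information", "U"),
]


def trust_boundary_crossings(flows: List[DataFlow]) -> List[Tuple[DataFlow, str]]:
    """Flows whose source and target sit at different trust levels.
    Flows into a higher level are entry points; flows out to a lower level are exit points."""
    crossings = []
    for f in flows:
        if TRUST[f.source] < TRUST[f.target]:
            crossings.append((f, "entry point"))
        elif TRUST[f.source] > TRUST[f.target]:
            crossings.append((f, "exit point"))
    return crossings


def acl_violations(flows: List[DataFlow]) -> List[DataFlow]:
    """Flows performing a CRUD operation the matrix does not grant the actor."""
    return [f for f in flows if f.op not in ACL.get(f.actor, {}).get(f.data, set())]


def elevation_candidates(flows: List[DataFlow]) -> List[DataFlow]:
    """Flows where an actor below the required trust level reaches privileged functionality."""
    return [f for f in flows
            if f.function in REQUIRED_TRUST and TRUST[f.actor] < REQUIRED_TRUST[f.function]]


def threat_list(flows: List[DataFlow]) -> List[str]:
    """Seed list for the brainstorming step: one line per finding."""
    items = [f"{kind}: {f.source} -> {f.target} via {f.function} ({f.data}, {f.op})"
             for f, kind in trust_boundary_crossings(flows)]
    items += [f"CRUD violation: {f.actor} performs {f.op} on {f.data} via {f.function}"
              for f in acl_violations(flows)]
    items += [f"elevation of privilege: {f.actor} (trust {TRUST[f.actor]}) reaches {f.function}"
              for f in elevation_candidates(flows)]
    return items


if __name__ == "__main__":
    for line in threat_list(FLOWS):
        print(line)
```

Run as a script, it lists six boundary crossings (five entry points and one exit point from the database back to the application tier), two CRUD violations (the sales agent updating customer information, and a customer updating product information) and one elevation-of-privilege candidate (a customer reaching the constructed "price update" function). Each line is a starting point for the brainstorming step, not a finished threat; the value of keeping the model in code is that adding a flow or changing an ACL entry re-derives the list rather than relying on someone remembering to revisit the diagram.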