2. Threat Modeling: System Design, or the Design phase, is a crucial phase in the SDLC where the Architects prepare a blueprint of the hosting environment for the application to be developed.
A typical three-tier architecture consists of the following layers:
- User Interface
- Application Logic and
Given the Architecture diagram and the functional requirement specification document, it is a painstaking activity to identify the possible security threats to the proposed architecture while it is still on paper. This is where the Security professional's experience comes into the picture, as s/he has to identify the possible threats and propose a secure environment setup so that the application will be hosted securely.
Is there any Industry Standard or Process to identify and rank Threats? By whom? What actually happens in this process? Let’s try to figure out if we can get some answers to the above questions.
OWASP and Microsoft have provided some excellent guidance on the Threat Modeling process. Below is an extract from the Microsoft website that shows the steps involved in this process.
- Identify Assets: Identify the critical assets / information / files / locations containing sensitive or private information
- Create an Architecture Overview: Create an architecture diagram to provide a clear understanding of the proposed application and its hosting environment
- Decompose the Application: Decompose the architecture diagram to identify the various entry and exit criteria
- Identify the Threats: Determine the possible threats using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privileges) and from whom these threats could occur
- Document the Threats: Identify the various Assets, Threats and Controls. Capture the list of threats that are missing security controls and provide suitable fix recommendations for each
- Rate the Threats: After a discussion with the respective Client/Customer, follow the DREAD (Damage potential, Reproducibility, Exploitability, Affected Users, Discoverability) model to rate each of the identified threats
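The Document, Rate and rank steps above can be kept as a small threat register. The following is an added example, not code from the original article or from Microsoft or OWASP: the assets, threats and scores are constructed, and the 1 to 3 scale per DREAD factor with High/Medium/Low bands at 12 and 8 is an assumption, since the article gives no scale.

```python
from dataclasses import dataclass, field

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"}
DREAD = ("damage", "reproducibility", "exploitability",
         "affected_users", "discoverability")

@dataclass
class Threat:
    asset: str
    description: str
    stride: str                 # one STRIDE category
    dread: dict                 # factor -> 1 (low), 2 (medium), 3 (high); assumed scale
    controls: list = field(default_factory=list)  # existing mitigations, if any

    def __post_init__(self):
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.stride!r}")
        if set(self.dread) != set(DREAD) or any(v not in (1, 2, 3) for v in self.dread.values()):
            raise ValueError("DREAD needs all five factors, each scored 1-3")

    @property
    def score(self):            # 5 (lowest) .. 15 (highest)
        return sum(self.dread.values())

    @property
    def rating(self):           # assumed bands: 12-15 High, 8-11 Medium, 5-7 Low
        return "High" if self.score >= 12 else "Medium" if self.score >= 8 else "Low"

def rank(threats):
    """Highest score first; on a tie, threats with no control come first."""
    return sorted(threats, key=lambda t: (-t.score, bool(t.controls)))

def missing_controls(threats):
    """Ranked threats that still need a fix recommendation."""
    return [t for t in rank(threats) if not t.controls]

def d(*scores):                 # helper: scores given in DREAD order
    return dict(zip(DREAD, scores))

# Constructed register for a three-tier web application (illustrative values).
REGISTER = [
    Threat("User credentials", "Login form served over plain HTTP", "Information Disclosure", d(3, 3, 2, 3, 3)),
    Threat("Order records", "SQL built from request parameters", "Tampering", d(3, 3, 3, 3, 2), ["Parameterized queries"]),
    Threat("Audit trail", "Admin actions are not logged", "Repudiation", d(2, 3, 2, 1, 1)),
    Threat("Web front end", "No rate limit on search endpoint", "Denial of Service", d(2, 2, 2, 3, 2), ["Rate limiting at the proxy"]),
]

if __name__ == "__main__":
    for t in rank(REGISTER):
        status = ", ".join(t.controls) or "NO CONTROL: recommend a fix"
        print(f"{t.score:>2} {t.rating:<6} {t.stride:<22} {t.asset}: {status}")
```

The output of `missing_controls` is the list that the Document step asks to be captured with fix recommendations, already in risk order.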
To sum it up:
- Gather Architecture diagram, Functional Requirement Specifications, Design details
- Identify Assets, Threats, Threat Agents, Controls
- Risk rank each identified Threat
- Provide relevant fix recommendations
- Carry forward all artifacts and observations to the next phase of SDLC
Benefits of integrating Security in Phase 2:
- Crucial Assets and their compensating Controls are clearly depicted
- Threats to each Asset are identified and compensating Controls are recommended
- Assists in identifying additional security vulnerabilities in the next phase of SDLC
- Major Advantage: Precisely identifying the Threats and mitigating them right in the Design phase helps Organizations save at least 30% of the operational cost that would be incurred by not conducting Threat Modeling in this phase. How did we arrive at this 30%? (Please contact SecureFirst Solutions for more details)