Application Threat Modelling
Advances in web technologies, coupled with a changing business environment, mean that web applications are becoming more prevalent in corporate, public and government services today.
Analyzing and modeling the potential threats that an application faces is an important step in the process of designing a secure application. Some of these threats are by nature very specific to the application, and one can only give general guidelines on how to identify such threats. But other threats are directly or indirectly related to the underlying platforms, technologies or programming languages.
Application threat modeling is a structured approach to identifying ways that an adversary might try to attack an application and then designing mitigations to prevent, detect or reduce the impact of those attacks.
Threat Modeling involves identifying assets, identifying potential threats to those assets, categorizing the threats and identifying mitigation strategies in a structured process.
It is essential to build security into the Software Development Life Cycle (SDLC) to prevent recurring security problems within an application.
Identifying potential threats against the system modeled is one of the main goals of the Threat Modeling process. By understanding the threats it is possible to determine an application’s vulnerabilities. Microsoft developed the STRIDE model for identifying and classifying threats into categories. STRIDE is an acronym for: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege.
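The process described above (assets, threats, STRIDE categories, mitigations) can be kept as a small threat register that reports what is still open. The following is an added example, not part of the original article; the web shop assets, the threats and the `review` helper are constructed for illustration, and the security property attached to each category is the usual STRIDE pairing rather than something stated on this page.

```python
from dataclasses import dataclass, field
from enum import Enum


class Stride(Enum):
    # Value is the security property each STRIDE category violates.
    SPOOFING = "authentication"
    TAMPERING = "integrity"
    REPUDIATION = "non-repudiation"
    INFORMATION_DISCLOSURE = "confidentiality"
    DENIAL_OF_SERVICE = "availability"
    ELEVATION_OF_PRIVILEGE = "authorization"


@dataclass
class Threat:
    asset: str
    description: str
    category: Stride
    mitigations: list = field(default_factory=list)


def review(assets, threats):
    """Return (threats with no mitigation, STRIDE categories not yet considered per asset)."""
    unknown = {t.asset for t in threats} - set(assets)
    if unknown:
        raise ValueError(f"threats reference unlisted assets: {sorted(unknown)}")
    unmitigated = [t for t in threats if not t.mitigations]
    gaps = {}
    for asset in assets:
        seen = {t.category for t in threats if t.asset == asset}
        gaps[asset] = [c for c in Stride if c not in seen]
    return unmitigated, gaps


# Constructed sample register for a hypothetical web shop.
ASSETS = ["session token", "order database"]
THREATS = [
    Threat("session token", "token replayed from another client", Stride.SPOOFING,
           ["regenerate token on login", "short token lifetime"]),
    Threat("session token", "token leaked in URL and logs", Stride.INFORMATION_DISCLOSURE),
    Threat("order database", "order total modified in transit", Stride.TAMPERING,
           ["server-side price calculation"]),
    Threat("order database", "customer denies placing an order", Stride.REPUDIATION),
]

if __name__ == "__main__":
    open_threats, gaps = review(ASSETS, THREATS)
    for t in open_threats:
        print(f"UNMITIGATED [{t.category.name}] {t.asset}: {t.description} (violates {t.category.value})")
    for asset, missing in gaps.items():
        print(f"{asset}: not yet considered -> {[c.name for c in missing]}")
```

A category listed as not yet considered means no one has asked that question for the asset, which is different from the asset being safe against it.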