The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. STRIDE is a model for identifying computer security threats developed by Praerit Garg and Loren Kohnfelder at Microsoft. It provides a mnemonic for security threats in six categories.
The threats are:
- Information disclosure (privacy breach or data leak)
- Denial of service
- Elevation of privilege
- From DevOps to DevSecOps – SDLC
- Security Modeling and Threat Modeling Resources
- Two Simplified TRA (Threat and Risk Assessment) Examples (Quantitative & Qualitative)
- Layered Security Architecture -Cyber Security Technology with NIST Cyber Security Framework
Download Microsoft Threat Modeling Tool
Launch the Threat Modeling Tool
Step 1: Diagram – DFD – What are we building?
Step 2: Identify – What can go wrong?
This step baiscally is to identify the threats. In this step, we will need to analyze step1’s diagrams to understand the actual threats, which is to answer the question, what can go wrong?.
Step 3: Mitigate – What are we going to do about that?
Once you’re done identifying threats, you will end up with a master list or library of threats associated with each asset and its operations and a list of possible attacker profiles. Now you need to figure out which of these threats your application is vulnerable to.
- Don’t do anything (too low risk or too difficult to make the associated threat)
- Remove the feature associated with it
- Turn the feature off or reduce the functionality
- Bring in code, infrastructure, or design fixes
You will also be creating a log of vulnerabilities to be subsequently addressed in future iterations.
Step 4: Validate – Did we do a good enough job?
During validation, you check if all vulnerabilities have been addressed. Have all the threats been mitigated? Are the residual risks clearly documented? Once this is done, you need to decide the next steps to manage the identified threats and decide when the next iteration of threat modeling will be. Remember that threat modeling is not a one-time activity. It needs to be repeated either at scheduled intervals or during specific milestones in the application development.
Example Diagrams (from OWASP)
Example 1: Data Flow Diagram for the College Library Website.
2 Example 2
Example 2: User Login Data Flow Diagram for the College Library Website.
4.4 Threats and Controls (Product)
1. Can not resize the shape