2. Basic definitions
Threat Agent
Someone who could do harm to a system (also adversary).
Threat
An adversary’s goal.
Vulnerability
A flaw in the system that could help a threat agent realize
a threat.
Asset
Something of value to valid users and adversaries alike.
Attack
When a motivated and sufficiently skilled threat agent takes
advantage of a vulnerability.
3. Why Threat Modeling?
We must put appropriate defenses in our products
because attackers want to attack our application.
4. Purpose
Identify threats and vulnerabilities.
Raise security awareness amongst developers.
Improve communication.
Identify areas of the architecture that require
more research etc.
5. Brief overview
Identify relevant threats and vulnerabilities in the scenario to
help shape the application's security design.
Input
Use cases
Data flow
Data schemes
Deployment Diagrams
Output
Threats
Vulnerabilities
6. Threat Modelling Steps
Step 1: Identify security objectives. Clear objectives help us
to focus the threat modeling activity and determine how much
effort to spend on subsequent steps.
Step 2: Create an application overview. Itemizing our
application's important characteristics helps us identify
relevant threats.
Step 3: Decompose your application. A detailed
understanding of the mechanics of our application makes it
easier for us to uncover more detailed threats.
7. Threat Modelling Steps (Cont.)
Step 4: Identify threats. Use details from steps 2 and 3 to
identify threats relevant to the application scenario and
context.
Step 5: Identify vulnerabilities. Review the layers of the
application to identify weaknesses related to the threats. Use
vulnerability categories to help focus on those areas where
mistakes are most often made.
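A worked pass through steps 1 to 5 on a small constructed application, added here as an example and not taken from the slides. The components, trust zones, review findings and category labels are assumptions, as is the rule that asset-carrying flows crossing a trust boundary are listed first.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str  # what travels over this flow

# Step 1: security objectives, as asset -> property to protect (constructed).
OBJECTIVES = {"credentials": "confidentiality", "orders": "integrity"}
# Step 2: application overview, as component -> trust zone (constructed).
ZONES = {"browser": "internet", "web": "dmz", "db": "internal", "batch": "internal"}
# Step 3: decomposition into data flows (constructed).
FLOWS = [
    Flow("browser", "web", "credentials"),
    Flow("web", "db", "credentials"),
    Flow("web", "db", "orders"),
    Flow("batch", "db", "orders"),
    Flow("web", "browser", "static pages"),  # carries no asset
]
# Review notes: (component, data, assumed category, weakness), all constructed.
FINDINGS = [
    ("web", "orders", "input validation", "order quantity not range-checked"),
    ("db", "credentials", "cryptography", "passwords stored unhashed"),
    ("web", "static pages", "configuration", "directory listing enabled"),
]

def identify_threats(flows, zones, objectives):
    """Step 4: each flow that carries an asset yields a threat (an adversary goal)."""
    threats = []
    for f in flows:
        if f.data not in objectives:
            continue  # no asset on this flow, so no goal for a threat agent
        threats.append({"asset": f.data,
                        "goal": f"violate {objectives[f.data]} of {f.data}",
                        "flow": (f.src, f.dst),
                        "crosses_boundary": zones[f.src] != zones[f.dst]})
    # Stable sort: boundary-crossing flows first (assumed prioritisation).
    return sorted(threats, key=lambda t: not t["crosses_boundary"])

def identify_vulnerabilities(threats, findings):
    """Step 5: a finding counts only if it sits on a threatened flow and asset."""
    return sorted({(t["goal"], comp, cat, desc)
                   for t in threats
                   for comp, data, cat, desc in findings
                   if comp in t["flow"] and data == t["asset"]})

if __name__ == "__main__":
    found = identify_threats(FLOWS, ZONES, OBJECTIVES)
    for row in identify_vulnerabilities(found, FINDINGS):
        print(row)
```

The directory-listing finding is dropped from the output because no identified threat touches that data, which matches the slide's definition of a vulnerability as a flaw that helps realize a threat.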