Threat modeling is a systematic way of identifying and evaluating application threats and vulnerabilities. For web applications, it is an organized approach to finding security design problems early in the application design process, so that you can mitigate security issues before they cause serious damage. You can initiate threat modeling for web applications at any stage of development. How you carry out the process depends largely on your needs and capabilities.
of web applications used in the manufacturing industry host a malicious URL.
of malware is distributed through web applications.
of web applications lack physical security in the workspace.
of organizations are concerned about man-in-the-middle attacks on their web applications.
Web applications rely on interactions with other sources, systems, and databases to function properly. This increases the overall attack surface of the application and, with it, the risk of cyber attacks. Threat modeling can describe the specific threats that an application is susceptible to. You may consider threat modeling an extension of the risk assessment process. It enables you to identify and categorize security risks ranging from unauthorized system access to insecure physical data storage.
A threat model captures the underlying risk factors, the identified threat actors, the potential attack vectors, and the business impact of all of these. Along with identifying the problems, it also provides you with remedies. Methods like Web Application Pentesting also help with identifying and eliminating potential security risks, but threat modeling offers a more systematic and question-driven approach for the same purpose.
There are five key steps in threat modeling for web applications. The model gets more and more detailed as the development cycle progresses. Let us go through the steps one by one:
There are three main aspects of identifying the security objectives within your application:
Security objectives fall under the umbrella of the project objectives. You can use them to support your course of action in threat modeling. Once the main security objectives are identified, it becomes easier to focus on the important things. Protecting crucial customer data such as passwords and profile information is a key item in the list of security objectives. Additionally, the list includes protecting the company’s online credibility.
This step is about creating an outline of what the application can do. Here, your task is to determine and depict the key functionality and characteristics of the application that you are offering to your clients. This makes the process of identifying the relevant threats a bit easier. Like modern application development, threat modeling is also an iterative process. Accumulate as much detail as possible and then add more details later when there are any changes or additions in the design.
Chronology of application overview process:
This step involves breaking down the application to identify the key points such as boundaries, data flows, entry points, and exit points. The purpose of this step is to understand the mechanics of the application. It eventually helps to discover vulnerabilities and potential threat vectors.
The steps involved in Application Decomposition are:
This stage involves identifying threats and determining the potential attacks that might compromise the application's security infrastructure. The development and security teams sit together for a brainstorming session to figure out the potential security issues that might affect the application’s functions. There are two possible approaches for carrying out this process. The first is identifying the common threats and attacks: we list the common security threats based on the application's vulnerabilities, then apply that list to the application architecture and assess how it responds. The second is a question-driven approach: we use the STRIDE model, which covers spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. We apply each category to the application architecture and see which threats the application is susceptible to.
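
The decomposition and STRIDE steps described above can be combined into a simple worksheet generator. The following is an added example, not code from the original article: it goes slightly beyond the text by using the common "STRIDE-per-element" convention, and the element names, trust zones, and data flows are constructed for a hypothetical web shop.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: categories that usually apply to each kind of
# data-flow-diagram element (Repudiation also applies to audit-log stores).
STRIDE_BY_KIND = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"],
    "data_store": ["Tampering", "Information disclosure", "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external_entity | process | data_store
    zone: str   # trust zone the element lives in

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str

    @property
    def crosses_boundary(self) -> bool:
        return self.src.zone != self.dst.zone

def enumerate_threats(elements, flows):
    """Return (target, category, priority) rows for the review session."""
    rows = [(e.name, cat, "normal") for e in elements for cat in STRIDE_BY_KIND[e.kind]]
    for f in flows:
        label = f"{f.src.name} -> {f.dst.name} [{f.data}]"
        prio = "high" if f.crosses_boundary else "normal"  # boundary crossings first
        rows += [(label, cat, prio) for cat in STRIDE_BY_KIND["data_flow"]]
    return sorted(rows, key=lambda r: r[2] != "high")  # stable: high rows on top

# Constructed sample decomposition (hypothetical web shop, not from the article)
browser = Element("Browser", "external_entity", "internet")
web = Element("Web app", "process", "dmz")
cache = Element("Session cache", "data_store", "dmz")
db = Element("Customer DB", "data_store", "internal")
ELEMENTS = [browser, web, cache, db]
FLOWS = [Flow(browser, web, "login form"), Flow(web, cache, "session token"),
         Flow(web, db, "SQL query"), Flow(web, browser, "HTML page")]

if __name__ == "__main__":
    for target, cat, prio in enumerate_threats(ELEMENTS, FLOWS):
        print(f"{prio:6} {cat:24} {target}")
```

Each row is a question for the brainstorming session ("how could the login form be tampered with in transit?"); flows that cross a trust boundary are the entry and exit points and are listed first.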