What is Threat Modeling? (and Why is it Important for Applications?)

What is threat modeling and why is it important?

A threat is something that has a negative impact on an asset. In the context of information security, particularly about application security, the main aspect of concern is data.

The process of threat modeling systematically identifies all the different attack steps that could realize in an exploit.

When we perform threat modeling, we take the blueprint of an application system, and we go through that blueprint to identify gaps and pathways of exploit.

If you want to think of it in terms of the analog or physical world, the same process could be applied when an attacker or a burglar tries to break into a system. They would take the blueprint of the building, analyze it very carefully, and then try to determine how to get into that building from different pathways.

That’s exactly what we want to do with respect applications security.

Threat modelling starts with a review of the system’s security design. Thus, it requires: 

  • A physical system architecture or Data Flow Diagram 
  • Information on system interfaces, datastore, and 3rd party integrations 
  • How the system performs authentication, authorization, logging and monitoring 
  • Information about how the system handles cryptography and key management 

After this, data flows through the system and are investigated to look at data in transit, at rest, and in use, and analyze the possibility of interception by malicious parties along the way.  

In addition, functional threat modelling is performed on the system functions to determine abuse cases. 

Essentially, a system blueprint is needed/created to analyze and identify security control gaps. These gaps are further analyzed to identify potential pathways of attack that are then tested after threat modelling is complete. A risk level is determined for each threat scenario based on impact and likelihood to help focus remediation efforts on where it matters most and prioritize effectively.

Application Security Risk Assessment

Threat modelling is part of a broader scope of testing known as an Application Security Risk Assessment. There are four stages:

  • During the discovery stage, we analyze the network architecture diagram or data flow diagram just like we would analyze the blueprints of a building, and then determine all the potential pathways of attack.
  • Next, we do threat modeling, which is a part of a risk assessment process. Once we determine the pathways of attack, the next thing we would do is perform pentesting.
  • Pentesting actually tries to see if it’s possible to exploit these pathways, or if any of those attacks can be realized.
  • Finally, we assign risk levels based on the impact of those assets and how likely they are to be attacked.

At Forward Security, threat modeling is an important part of our risk assessment process that helps us fine tune and systematically identify all the potential opportunities to exploit a given application system.

DevSecOps-Maturity-Assessment-Banner

How Mature is Your DevSecOps?

Our comprehensive DevSecOps Maturity Assessment covers 8 key phases of DevSecOps practices, 29 questions in total.

By evaluating your team on each capability, you can determine if your DevSecOps maturity level is early, intermediate, or advanced. Your assessment includes a custom report that provides your overall maturity as well as detailed recommendations you can take to enhance your security posture.