Anusha Reddy
The 5W's of Threat Modeling

What?
Well, it’s a process which identifies security requirements, threats & vulnerabilities. It helps in understanding the impact of threats and also quantifies their severity.

Why?
Because it helps you spot design flaws early in the SDLC, flaws which can be missed during code reviews or testing, and it keeps the attackers at bay.

When?
Typically during the design phase. But it’s never too late to know your flaws and rectify them for the future.

Where?
Hmm, I will tell you where you can create a Threat model diagram.
There are different tools which can be used, like Cairis, IriusRisk, Kenna, Microsoft Threat Modeling Tool, etc.

Who?
Usually one or more members of the security team, along with the engineering team, participate in this process.

OK, now that we know what it is, how do we do it?

  1. You need to know what you are trying to accomplish through your software. Basically, set objectives.

  2. You know what you want, so visualise how to do it. Design the architecture of your application.

  3. Now, think about what could go wrong. Identify threats. This is where the threat modeling tools come in handy. If you represent your architecture through a threat model diagram, it identifies the threats and gives possible mitigations.

  4. You have a list of threats; what are you going to do about them? The obvious choice is to mitigate them.

  5. Did you do a good job in fixing them? Validate.

Easy with an example?

Consider a sample Order application whose objective is to create an order request.

Let's visualise the design

  • We need a Web API to receive the request from the client.
  • Web API communicates with Order service.
  • Order service communicates with a database to store the request.
  • To identify threats, I have used Microsoft Threat Modeling Tool to create a threat model diagram. The tool analyses the design, spots the security threats and vulnerabilities and also gives possible mitigations.

Once we mitigate a particular threat, we can provide our justification in the justification column.
Once the justification is validated, we can change the state to mitigated.
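
The steps above applied to the Order application, as an added example that is not part of the original post and not the Microsoft tool's own logic: it lists candidate threats for each element and data flow using a simplified STRIDE-per-element chart, then tracks each threat's state and justification. The trust zones, the chart contents and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Simplified STRIDE-per-element chart (assumed here, not any tool's rule set).
STRIDE = {
    "external":  ["Spoofing", "Repudiation"],
    "process":   ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
                  "Denial of Service", "Elevation of Privilege"],
    "datastore": ["Tampering", "Repudiation", "Information Disclosure", "Denial of Service"],
    "flow":      ["Tampering", "Information Disclosure", "Denial of Service"],
}

# The Order application from the post; the trust zones are assumed.
ELEMENTS = {  # name -> (element type, trust zone)
    "Client":        ("external",  "internet"),
    "Web API":       ("process",   "app"),
    "Order service": ("process",   "app"),
    "Database":      ("datastore", "data"),
}
FLOWS = [("Client", "Web API"), ("Web API", "Order service"), ("Order service", "Database")]

@dataclass
class Threat:
    target: str
    category: str
    crosses_boundary: bool = False
    state: str = "Not Started"
    justification: str = ""

def enumerate_threats(elements=ELEMENTS, flows=FLOWS):
    """Step 3: list every candidate threat for each element and data flow."""
    threats = [Threat(name, cat) for name, (kind, _) in elements.items() for cat in STRIDE[kind]]
    for src, dst in flows:
        crosses = elements[src][1] != elements[dst][1]  # flow leaves its trust zone
        threats += [Threat(f"{src} -> {dst}", cat, crosses) for cat in STRIDE["flow"]]
    return threats

def mitigate(threat, justification):
    """Steps 4-5: a threat becomes Mitigated only with a recorded justification."""
    if not justification.strip():
        raise ValueError("a justification is required before marking a threat mitigated")
    threat.justification, threat.state = justification.strip(), "Mitigated"

def open_threats(threats):
    """Threats still to be handled, boundary-crossing flows first."""
    pending = [t for t in threats if t.state != "Mitigated"]
    return sorted(pending, key=lambda t: not t.crosses_boundary)

if __name__ == "__main__":
    for t in open_threats(enumerate_threats()):
        print(f"{t.state:12} {t.category:24} {t.target}")
```

Sorting boundary-crossing flows first puts the Client to Web API and Order service to Database hops at the top of the review list, which is where input validation, authentication and transport protection decisions are usually made.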

In conclusion, with this process we can identify the security flaws during the design phase, rectify them before the software release and prevent costly re-coding after deployment.