Threat Modeling - PLAN
Threat modeling is a process by which potential threats, such as structural vulnerabilities, can be identified, enumerated, and prioritized – all from a hypothetical attacker’s point of view.
There are many different Threat Modeling methodologies. One of the more common is known as STRIDE.
S - Spoofing
T - Tampering
R - Repudiation
I - Information disclosure / leakage
D - Denial of service
E - Elevation of privilege
These are all different threats that you should assess your application against to ensure it is robust enough to defend against them.
It's always better to use tools designed specifically for this process, because threat modeling is quite difficult to do manually. Tooling can help you identify the threats quickly. One freely available tool is the Microsoft Threat Modeling Tool (https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool).
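To show the kind of enumeration such tooling automates, the following added example (not from the original page and not code from Microsoft's tool) applies the STRIDE-per-element chart to a small constructed data flow diagram. It goes beyond the page in using STRIDE-per-element; the element names, trust zones and the 0-2 priority ranking are assumptions made for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: categories that apply to each DFD element type.
# Repudiation on a data store mainly matters when the store holds logs.
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TRID", "data_flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # one of the keys of APPLICABLE
    zone: str = ""   # trust zone (not used for flows)
    src: str = ""    # flows only: name of the source element
    dst: str = ""    # flows only: name of the destination element

def enumerate_threats(model):
    """Return (priority, element, threat) rows, highest priority first."""
    unknown = [e.name for e in model if e.kind not in APPLICABLE]
    if unknown:
        raise ValueError(f"unknown element kind for: {unknown}")
    by_name = {e.name: e for e in model}
    # A flow whose endpoints sit in different trust zones crosses a boundary.
    crossing = [e for e in model if e.kind == "data_flow"
                and by_name[e.src].zone != by_name[e.dst].zone]
    exposed = {n for f in crossing for n in (f.src, f.dst)}
    rows = []
    for e in model:
        # Assumed ranking: 2 = boundary-crossing flow, 1 = its endpoints, 0 = rest.
        prio = 2 if e in crossing else 1 if e.name in exposed else 0
        rows += [(prio, e.name, NAMES[c]) for c in APPLICABLE[e.kind]]
    return sorted(rows, key=lambda r: -r[0])  # stable: keeps model order per level

# Constructed sample model: a browser talking to a web app backed by a database.
MODEL = [
    Element("browser", "external_entity", zone="internet"),
    Element("web_app", "process", zone="backend"),
    Element("orders_db", "data_store", zone="backend"),
    Element("login_request", "data_flow", src="browser", dst="web_app"),
    Element("sql_query", "data_flow", src="web_app", dst="orders_db"),
]

if __name__ == "__main__":
    for prio, name, threat in enumerate_threats(MODEL):
        print(f"P{prio}  {name:<14} {threat}")
```

The output is a starting checklist: each row still needs a human decision on whether the threat is mitigated, accepted or needs work.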