Threat Modeling
Definition
Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and prioritized – all from a hypothetical attacker's point of view.
Why It Matters
Threat modeling is a proactive approach to security. By thinking like an attacker before and during the design of a system, you can identify and mitigate potential security flaws early in the development lifecycle, which is much cheaper and more effective than fixing them after a breach.
Contextual Example
When designing a new web application, a development team conducts a threat modeling session. They brainstorm potential threats, such as "How could an attacker steal user passwords?" or "How could an attacker take the site offline?". This helps them to prioritize and build in security controls from the start.
Common Misunderstandings
- Popular threat modeling methodologies include STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
- It helps to answer the questions: "What are we working on?", "What can go wrong?", "What are we going to do about it?", and "Did we do a good job?"