IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [threat-modeling]

The process of describing possible threats and analyzing their possible affect on target systems.

Threat modeling is an organised way to identify threats (potential risks) in an application and its environment. A matured threat model also helps in the process of risk assessment by assisting in informed decision making and impact assessment.

The in-scope topics for this tag would include - Threat modeling tools, severity and impact assessment, architecture review, Data flow diagrams etc.

138 questions
62
votes
4 answers

What is a threat model, and how do I make one?

I asked a question on what I need to do to make my application secure, when somebody told me: That depends on your threat model. What is a threat model? How do I make a threat model for my application?
user163495
7
votes
2 answers

Threat modeling

During the design phase, which is better, identifying the security mechanisms and techniques that will be used to protect the system (such as selecting the suitable encryption algorithm) before creating the threat modeling or during creating threat…
user3011084
  • 529
  • 1
  • 3
  • 9
6
votes
2 answers

Dataflow diagram - how far do I need to drill down?

I'm trying to create a DFD for a threat modeling exercise. How much detail should I get into? The SDL Threat Modeling guidelines state that I know that my DFD needs more detail when there is still a trust boundary in the DFD. Suppose there is a…
theXs
  • 261
  • 2
  • 8
5
votes
2 answers

Difference between STRIDE and Mitre ATTACK

When looking at threat models I came across STRIDE (from Microsoft) and then came across Mitre ATT&CK, they seem to be different - one is a threat model and the other is a threat intelligence methodology. What's fuzzy to me is exactly what are the…
pzirkind
  • 747
  • 1
  • 7
  • 12
4
votes
2 answers

Is there a superior approach for threat modeling?

There are at least three different common approaches to creating a threat model: Attacker-centric Software-centric Asset-centric You can take a look at Wikipedia for a quick overview. I wonder if one of those approaches has proven to be superior…
Demento
  • 7,465
  • 5
  • 38
  • 48
4
votes
2 answers

Actors and processes in threat models

I want to create a threat model to guide a security-oriented review on a project. I found the OWASP Threat Dragon and would like to do it in that, but from the documentation and example I am unsure how to use the elements provided. The diagrams can…
Jan Hudec
  • 541
  • 1
  • 5
  • 10
4
votes
1 answer

Is There a Library of Well Known Threat/Attack Trees?

[I'm surprised that my searches didn't find this questions before, but then I may just not be asking it "the right way."] A project I am on is starting to look a threat trees for a connected piece of hardware that is under development. As a start,…
jwernerny
  • 161
  • 5
3
votes
3 answers

Is a threat model totally subjective or can it be based on objective guidelines?

We all know that in the security field everything depends on the threat model, which basically means you need to define who or what you are protecting from. But who should decide this, and on what objective basis? Since you can't protect everything…
reed
  • 15,814
  • 6
  • 47
  • 70
2
votes
1 answer

What are the risks of posting family pictures online without any access control?

What are the risks of posting family pictures online, for example on a blog site, without any access control in place? What should be my threat model? I am weary of posting (recognizable) pictures of my self and my family on Facebook. Facebook is a…
Ivana
  • 139
  • 3
2
votes
1 answer

How do you scale threat modeling?

Small threat models are relatively easy to build but building and maintaining a threat model that contains a few dozen components becomes difficult pretty quickly. What tools do you use to collaborate across teams to build and maintain large threat…
Ben
  • 615
  • 4
  • 11
1
vote
1 answer

Threat Modelling Application Decomposition

I am doing a piece of work on a imaginary device which allows the user to lock/unlock their vehicle and access a wireless hotspot in their car using an application on their smartphone via bluetooth. I am doing the threat modelling for this and am…
h1h1
  • 111
  • 1
1
vote
1 answer

Why do we need to differenciate between External Interactor and a Process?

In MS SDL Threat Modeling, there is an External Interactor and Process. While the meaning clearly shows a difference between them, when threat modeling, one can't really threat model an external interactor as it impossible to enforce anything on…
user20259
  • 155
  • 5
1
vote
1 answer

How to correctly classify a threats related to Tampering in STRIDE

I'm trying to apply STRIDE to secure my architecture. xxx xxx xxx ┌──────────┐xx ┌──────────┐ │ node ├─xx──────signals───────► hub │ │ │ x │ │ └───▲──────┘ xx…
Ali
  • 125
  • 4
1
vote
2 answers

What is the best book on threat modeling that you've read?

I have been involved with developing threat models for several software products and features, and I'd like to formalize this process a little bit and create some documentation for my company's devs. Can you guys recommend a good book that describes…
bsterne
  • 91
  • 1
  • 4
1
vote
1 answer

Threat Model for a third party messaging application for an organisation

Are there any templates or guides anywhere which illustrate how threat models should be documented? For example, what kind of threats are there for cloud-based/ third party instant messaging services? Would you use STRIDE (Spoofing, Tampering,…
NoDirection
  • 21
  • 3
1
2