Threat Models are a systematic and structured way to identify and mitigate security risks in our software.
When we deep drive - Threat modeling is a process by which potential threats, such as structural vulnerabilities can be identified, enumerated, and prioritized - all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers questions like “Where are the high-value assets?”, “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “Is there an attack vector that might go unnoticed?”. It is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. In this context, a threat is a potential or actual adverse event that may be malicious (such as a denial-of-service attack) or incidental (such as the failure of a storage device), and that can compromise the assets of an enterprise.
Threat modeling is asking and answering questions about the thing you are working to protect. It requires that you step out of the day-to-day whirlwind of data security and imagine the future. It’s important to not only create threat models as part of an implementation plan for new systems but also to set aside time to create or update threat models for older systems as well.
A threat profile includes information about critical assets, threat actors, and threat scenarios. A threat scenario is an illustration in which one or more threat actors can mount one or more threat actions in an attempt to compromise an identified critical asset by exploiting both vulnerabilities and inadequate safeguards (Dziadyk, 2011). A threat scenario campaign is a series of related threat scenarios that are used together as part of an APT for a common objective. An organization’s threat profile includes all of this threat information and presents a clear and detailed illustration of how each of these components are used together
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element. Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.
STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft for identifying computer security threats.It provides a mnemonic for security threats in six categories.The threats are:
Spoofing of user identity - A spoofing attack occurs when an attacker pretends to be someone they're not.
Tampering - Tampering attacks occur when the attacker modifies data in transit.
Repudiation - Repudiation occurs when someone performs an action and then claims that they didn't actually do it.
Information disclosure (privacy breach or data leak) - Usually quite straightforward - can the attacker view data that they're not supposed to view?
Denial of service (D.o.S) - Denial of service threats occur when an attacker can degrade or deny service to users.
Elevation of privilege - An elevation of privilege threat occurs when an attacker has the ability to gain privileges that they'd not normally have.
ref:
Threat Modelling -
Application Threat modelling - https://www.owasp.org/index.php/Application_Threat_Modeling
Threat Modeling: 12 Available Methods - https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html
Creating a Threat Profile for Your Organization - https://www.sans.org/reading-room/whitepapers/threats/creating-threat-profile-organization-35492
STRIDE security -
When we deep drive - Threat modeling is a process by which potential threats, such as structural vulnerabilities can be identified, enumerated, and prioritized - all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers questions like “Where are the high-value assets?”, “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “Is there an attack vector that might go unnoticed?”. It is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. In this context, a threat is a potential or actual adverse event that may be malicious (such as a denial-of-service attack) or incidental (such as the failure of a storage device), and that can compromise the assets of an enterprise.
Threat modeling is asking and answering questions about the thing you are working to protect. It requires that you step out of the day-to-day whirlwind of data security and imagine the future. It’s important to not only create threat models as part of an implementation plan for new systems but also to set aside time to create or update threat models for older systems as well.
A threat profile includes information about critical assets, threat actors, and threat scenarios. A threat scenario is an illustration in which one or more threat actors can mount one or more threat actions in an attempt to compromise an identified critical asset by exploiting both vulnerabilities and inadequate safeguards (Dziadyk, 2011). A threat scenario campaign is a series of related threat scenarios that are used together as part of an APT for a common objective. An organization’s threat profile includes all of this threat information and presents a clear and detailed illustration of how each of these components are used together
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element. Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.
STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft for identifying computer security threats.It provides a mnemonic for security threats in six categories.The threats are:
Spoofing of user identity - A spoofing attack occurs when an attacker pretends to be someone they're not.
Tampering - Tampering attacks occur when the attacker modifies data in transit.
Repudiation - Repudiation occurs when someone performs an action and then claims that they didn't actually do it.
Information disclosure (privacy breach or data leak) - Usually quite straightforward - can the attacker view data that they're not supposed to view?
Denial of service (D.o.S) - Denial of service threats occur when an attacker can degrade or deny service to users.
Elevation of privilege - An elevation of privilege threat occurs when an attacker has the ability to gain privileges that they'd not normally have.
ref:
Threat Modelling -
- https://en.wikipedia.org/wiki/Threat_model
- https://searchsecurity.techtarget.com/
- https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
- https://docs.microsoft.com/en-us/azure/security/azure-security-threat-modeling-tool-getting-started#building-a-model
- https://searchsecurity.techtarget.com/definition/threat-modeling
Application Threat modelling - https://www.owasp.org/index.php/Application_Threat_Modeling
Threat Modeling: 12 Available Methods - https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html
Creating a Threat Profile for Your Organization - https://www.sans.org/reading-room/whitepapers/threats/creating-threat-profile-organization-35492
Attack Vector -
- https://www.sagedatasecurity.com/blog/threat-hunting-common-attack-vectors-and-delivery-channels
- https://www.sans.org/reading-room/whitepapers/riskmanagement/securing-common-vectors-cyber-attacks-37995
STRIDE security -
- https://blogs.msdn.microsoft.com/larryosterman/2007/09/04/threat-modeling-again-stride/
- https://www.microsoft.com/security/blog/2007/09/11/stride-chart/
- https://en.wikipedia.org/wiki/STRIDE_(security)
- https://blog.securityinnovation.com/stride
