Threat Modelling

Threat modelling session

Pick a Use Case
  • Start with one or two use cases at most
  • Start with the authentication use case as well as one of the main flows of the application
Draw a DFD of the Use Case
  • A DFD shows how data flows through the system and which applications and databases are involved
  • Draw your applications (processes), databases or other important data assets, data flows and actors
  • circle: processes (apps)
  • double circle: collection of services
  • open rectangles: assets (dbs, files, queues, logs, etc.)
  • dotted lines: trust boundaries
Discuss the Security Risks
  • For each asset passing through your data flow:
    • go through a checklist and discuss potential security risks
    • rate each risk (e.g. by likelihood and impact)
    • use STRIDE as the checklist (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
  • For each risk that you find:
    • list it with a reference to the element, short description, likelihood of it occurring (Low, Medium, High), impact on your system (Low, Medium, High) and proposed mitigation
Implement Security Controls
  • Discuss and decide what you will do about each risk

Diagrams

Data Flow Diagrams
Attack Trees
  • Not every type of threat maps easily to the ‘STRIDE’ model
  • Attack trees offer a different way of looking at threats, which may not surface during the STRIDE questions
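The following is an added example of how an attack tree is evaluated; it is not part of the original notes and does not come from any of the tools listed below. Leaves carry an estimated attacker cost, an OR node costs as much as its cheapest child and an AND node as much as all of its children together, so the cheapest root-to-leaf path is the branch to mitigate first. The tree, its node names and the cost figures are constructed for illustration.

```python
"""Attack tree evaluation with AND/OR cost propagation (added example).

The tree below and its cost numbers are constructed; they are not from the
page or from any tool it lists. Marking a leaf as mitigated removes its
branch, so the next-cheapest branch surfaces as the new priority.
"""
from dataclasses import dataclass, field
from math import inf


@dataclass
class Node:
    name: str
    op: str = "LEAF"          # "AND", "OR" or "LEAF"
    cost: float = 0.0         # estimated attacker cost (leaves only)
    children: list = field(default_factory=list)
    mitigated: bool = False   # a mitigated leaf is treated as unreachable


def evaluate(node):
    """Return (total cost, leaf names on the cheapest path to the goal)."""
    if node.op == "LEAF":
        return (inf, []) if node.mitigated else (node.cost, [node.name])
    results = [evaluate(child) for child in node.children]
    if node.op == "OR":
        # the attacker needs only one child: pick the cheapest branch
        return min(results, key=lambda r: r[0])
    if node.op == "AND":
        # the attacker needs every child: costs add up; any mitigated
        # child makes the whole branch unreachable
        total = sum(r[0] for r in results)
        leaves = [name for r in results for name in r[1]]
        return (total, leaves if total < inf else [])
    raise ValueError(f"unknown node type {node.op}")


def mitigate(node, leaf_name):
    """Mark every leaf called leaf_name as mitigated; returns the tree."""
    if node.op == "LEAF" and node.name == leaf_name:
        node.mitigated = True
    for child in node.children:
        mitigate(child, leaf_name)
    return node


def build_tree():
    """Constructed tree for the goal 'read customer records'."""
    return Node("Read customer records", "OR", children=[
        Node("Log in as a legitimate user", "AND", children=[
            Node("Obtain a user's password", cost=20),
            Node("Defeat the second factor", cost=60),
        ]),
        Node("Query the database directly", "AND", children=[
            Node("Reach the database network", cost=30),
            Node("Obtain database credentials", cost=10),
        ]),
        Node("Read an unprotected backup", cost=15),
    ])


if __name__ == "__main__":
    tree = build_tree()
    print("cheapest path:", evaluate(tree))
    # e.g. encrypt backups, then see which branch becomes the priority
    mitigate(tree, "Read an unprotected backup")
    print("after mitigation:", evaluate(tree))
```

Each call to `mitigate` records one control decision, and re-running `evaluate` shows the branch that is now cheapest, which is the ordering a team wants when deciding which risk to treat next.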

Tools

Worksheet
Draw.io
pyTM

pyTM Template:

# Title

## System Description
{tm.description}

## Dataflow Diagram
![Level 0 DFD](dfd.png)

## Dataflows
| Name                            | From                 | To                 | Data          | Protocol          | Port              |
| ------------------------------- | -------------------- | ------------------ | ------------- | ----------------- | ----------------- |
| {dataflows:repeat:{{item.name}} | {{item.source.name}} | {{item.sink.name}} | {{item.data}} | {{item.protocol}} | {{item.dstPort}}} |

## Potential Threats
{findings:repeat:* {{item.description}} on element "{{item.target}}"}
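The following is an added example that walks through the session steps above (pick the authentication use case, model the DFD elements and trust boundaries, run a STRIDE checklist over each element, rate likelihood and impact, propose a mitigation) and then renders the "Dataflows" table and "Potential Threats" list in the shape of the pyTM template. It is not pyTM's own code and does not import pyTM; the element and dataflow classes, the four checklist rules, the web shop model and all ratings are constructed for illustration.

```python
"""STRIDE-per-element pass over a small hand-drawn DFD (added example).

Not pytm's code: a self-contained stand-in with the same ingredients the
session draws (actors, processes, datastores, dataflows, trust boundaries).
The model, the checklist rules and the ratings below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Element:
    name: str
    kind: str                   # "actor", "process" or "datastore"
    boundary: str               # trust boundary the element sits in
    authenticates: bool = False  # process verifies who is calling it
    logs_access: bool = False    # access to the element is audit-logged


@dataclass
class Dataflow:
    name: str
    source: Element
    sink: Element
    data: str
    protocol: str
    dst_port: int
    encrypted: bool = False
    integrity_checked: bool = False  # channel or message integrity


@dataclass
class Finding:
    element: str
    category: str     # STRIDE category
    description: str
    likelihood: str   # Low / Medium / High
    impact: str       # Low / Medium / High
    mitigation: str

    @property
    def score(self):
        rank = {"Low": 1, "Medium": 2, "High": 3}
        return rank[self.likelihood] * rank[self.impact]


def crosses_boundary(df):
    """A flow whose ends sit in different trust boundaries crosses one."""
    return df.source.boundary != df.sink.boundary


def stride_checklist(elements, dataflows):
    """Apply a constructed subset of STRIDE rules; highest score first."""
    findings = []
    for df in dataflows:
        if crosses_boundary(df) and not df.encrypted:
            findings.append(Finding(df.name, "Information Disclosure",
                f"{df.data} cross a trust boundary unencrypted over {df.protocol}",
                "High", "High", "Encrypt the flow (TLS)"))
        if crosses_boundary(df) and not df.integrity_checked:
            findings.append(Finding(df.name, "Tampering",
                f"{df.data} can be altered in transit", "Medium", "High",
                "Authenticate the channel (TLS) or sign the payload"))
    for el in elements:
        if el.kind == "process" and not el.authenticates:
            findings.append(Finding(el.name, "Spoofing",
                "process accepts requests without verifying the caller",
                "High", "High", "Require authenticated sessions"))
        if el.kind == "datastore" and not el.logs_access:
            findings.append(Finding(el.name, "Repudiation",
                "access to the store is not logged", "Medium", "Medium",
                "Enable audit logging on the store"))
    return sorted(findings, key=lambda f: -f.score)


def render_dataflows(dataflows):
    """Same columns as the template's Dataflows table."""
    rows = ["| Name | From | To | Data | Protocol | Port |",
            "| --- | --- | --- | --- | --- | --- |"]
    rows += [f"| {d.name} | {d.source.name} | {d.sink.name} | {d.data} "
             f"| {d.protocol} | {d.dst_port} |" for d in dataflows]
    return "\n".join(rows)


def render_findings(findings):
    """Same shape as the template's Potential Threats list, plus ratings."""
    return "\n".join(
        f'* {f.category}: {f.description} on element "{f.element}" '
        f"[likelihood {f.likelihood}, impact {f.impact}] -> {f.mitigation}"
        for f in findings)


def build_model():
    """Constructed authentication use case: customer logs into a web shop."""
    customer = Element("Customer", "actor", "Internet")
    web = Element("Web App", "process", "DMZ", authenticates=True)
    db = Element("User DB", "datastore", "Backend", logs_access=False)
    flows = [
        Dataflow("Login", customer, web, "credentials", "HTTPS", 443,
                 encrypted=True, integrity_checked=True),
        # plaintext hop from the DMZ into the backend boundary
        Dataflow("Lookup user", web, db, "password hashes", "TCP", 5432),
    ]
    return [customer, web, db], flows


if __name__ == "__main__":
    elements, flows = build_model()
    print(render_dataflows(flows))
    print(render_findings(stride_checklist(elements, flows)))
```

Running it lists the plaintext hop between the DMZ and the backend as the top finding, which is exactly the kind of boundary-crossing flow the dotted lines on the DFD are there to make visible; the actual pyTM tool carries a much larger rule set and produces its report from the template shown above.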