What are the benefits of Threat Modeling?
To round out the earlier post about Threat Modeling, this post looks at benefits of threat modeling that may not be directly visible when it is applied. If you started reading with this post, it is perhaps better to begin with “Basic Concepts of Threat Modeling”.
In our previous article we explained the more direct benefits of threat modeling, which relate to the possibility of identifying an application's vulnerabilities before it is developed. We can also use the same modeling document to validate the development at the testing stages.
However, even if the most evident benefits are relatively easy to identify, threat modeling produces other results that are not always noticed.
When working on a project to build a secure development program from “ground zero”, it is easy to assemble all the parts and get a general view of all the topics we need to address.
But when we work in a more operational environment, with an established structure, what happens most of the time is that we have to deal with a series of things that are already running and need to be evaluated.
In environments like this it is common to have to deal with legacy systems that, most of the time, support critical systems of your company. Those systems, which are of great importance to the business, have no documentation, and in these cases modeling can help: once it is done, all the other systems and their weaknesses become visible, which helps build the business risk map.
This mapping opportunity arises because threat modeling leads us to a deeper understanding of how the system works and how it interacts with other components. Following this modeling process, it is inevitable to:
- Identify assets;
- Update and document the system architecture;
- Build a better understanding of how the system and its subsystems connect.
This last point is believed to be the better opportunity that modeling offers.
Increased security awareness
For threat modeling to bring the best solutions to the security questions raised in software production, the team responsible for this activity must be trained so that it has the necessary and correct understanding of how to do it.
At this point we can say that you are not going to deliver a better solution if you don’t have the support and participation of your peers. Besides your team being aware of and knowledgeable about modeling, it is also important that the team includes people with the most diverse experience possible, because their different perspectives on the same theme will make it easier to discover threats and possible risks associated with the software.
This factor will also enable the company to deliver knowledge to a large number of professionals, which may further facilitate the dissemination of knowledge related to secure development.
Greater knowledge about threat modeling within your team is not the only benefit delivered when many professionals are brought together in this type of project.
By its very nature, modeling requires a greater understanding of all the assets present in your structure, which in itself already helps with organization and infrastructure operation. However, the result of this understanding goes much further: it allows us to identify assets, their relationships and their functionalities, and to create a map of asset relationships and criticality, which opens up many possibilities for improvement in our structure.
The modeling document must be a living document, that is, it should not be forgotten when the mapping is finished. It serves as a solid base that will help in a series of other possible tests, such as software validation tests at the development testing stage.
Let’s imagine the following situation: during the modeling process we identify a possible SQL injection vulnerability in a part of the system, and as the next step, when coding, the development team, being aware of this possibility, implements a solution to avoid this type of vulnerability.
In the application testing phase, threats identified during modeling can serve as a guide, a validation checklist, to ensure that the identified threats are not present in the final product of the coding.
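As an added illustration (not code from the original article), the SQL injection scenario above can be expressed as a checklist entry that the test phase runs against the code. The threat id, table, function names and sample rows are all constructed for this example.

```python
import sqlite3

# Constructed checklist entry, standing in for a line of the modeling document.
CHECKLIST = [
    {"id": "TM-001", "component": "user lookup",
     "threat": "SQL injection through the name parameter",
     "probe": "nobody' OR '1'='1"},
]

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def find_user_unmitigated(db, name):
    # What the threat model warned about: input concatenated into the SQL text.
    return db.execute(
        "SELECT email FROM users WHERE name = '" + name + "'").fetchall()

def find_user_mitigated(db, name):
    # The fix the development team implements: a bound parameter.
    return db.execute(
        "SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def run_checklist(lookup):
    """Return {threat id: True if the identified threat is absent}."""
    results = {}
    for item in CHECKLIST:
        db = make_db()
        works = lookup(db, "alice") == [("alice@example.test",)]
        # The probe names no real user, so any returned row means the
        # input changed the query instead of being treated as data.
        leaked = lookup(db, item["probe"])
        results[item["id"]] = works and leaked == []
        db.close()
    return results

if __name__ == "__main__":
    for label, fn in [("unmitigated", find_user_unmitigated),
                      ("mitigated", find_user_mitigated)]:
        print(label, run_checklist(fn))
```

Each threat added to the modeling document gets its own entry and probe, so the checklist grows with the living document.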
So, in general, we can say that the benefits of good threat modeling extend through every stage of an application's development.
Running a threat modeling process can be one of the most important tools within a secure development process. However, we have to understand that modeling only produces great results when a series of actions and steps is observed.
This text will present some of the most important points, but we would like to leave some remarks on this matter.
Remember, it is a Team
As mentioned, carrying out this project is a team achievement, and it must be acknowledged that everyone is part of the result, whether positive or negative.
Knowing this, we need to understand that team members’ acquisition of knowledge is vitally important to the success of the project. Therefore, one of the first steps is to create one or several workgroups that can support the most diverse scenarios that we may encounter during modeling.
Document and discuss all the findings of the project; this will help the modeling document evolve. Remember that it must be a living document. Also, do not be in a hurry: a modeling project can be time-consuming by today’s development standards, but when done right it will certainly be worth it.
At times the process may stagnate. Remember that some of your teammates may not have formal training and/or formal knowledge about threat modeling; see how you can help with this, and the work will be much more effective.
Keep focused and follow the data
One very common problem is drifting away from the modeling into themes, systems, and subjects unrelated to the project scope. Be careful about it, and always keep the defined scope in mind. We have to remember that the process is already complex enough; we do not need new points of action.
At this point, one of the best tips we can leave is to always follow the flow of data. This simple idea, as well as helping us stay focused on the scope, helps answer one of the most basic and important questions in the process: “Where do we begin?”
This idea helps reveal a possible path that an attacker may take, because an attacker will always try to interact with the system, and so we need to identify which components allow data interaction.
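A small added sketch (not from the original article) of following the flow of data: starting at the point where outside data enters, it lists the flows in the order a review would walk them, flags those that cross a trust zone, and reports components the data never reaches. The component names, zones and flows are constructed for this example.

```python
from collections import deque

# Constructed sample model: component -> trust zone.
ZONES = {"browser": "internet", "web_app": "dmz", "orders_db": "internal",
         "legacy_billing": "internal", "hr_portal": "internal"}
# Constructed data flows: (source, destination, data carried).
FLOWS = [("browser", "web_app", "login form"),
         ("web_app", "orders_db", "SQL query"),
         ("web_app", "legacy_billing", "invoice request"),
         ("legacy_billing", "orders_db", "batch export")]

def follow_data(entry, zones, flows):
    """Walk the flows breadth-first from the entry point.

    Returns (source, destination, data, crosses_zone) tuples in review order.
    """
    seen, queue, order = {entry}, deque([entry]), []
    while queue:
        src = queue.popleft()
        for s, d, data in flows:
            if s != src:
                continue
            order.append((s, d, data, zones[s] != zones[d]))
            if d not in seen:
                seen.add(d)
                queue.append(d)
    return order

def outside_data_path(entry, zones, flows):
    """Components the data never reaches from this entry point."""
    reached = {entry} | {d for _, d, _, _ in follow_data(entry, zones, flows)}
    return sorted(set(zones) - reached)

if __name__ == "__main__":
    for s, d, data, crosses in follow_data("browser", ZONES, FLOWS):
        mark = "crosses trust zone" if crosses else "same zone"
        print(f"{s} -> {d}: {data} ({mark})")
    print("not on the data path:", outside_data_path("browser", ZONES, FLOWS))
```

Components reported as not on the data path are candidates to leave out of the current modeling scope.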
Last but not least, understand that no one knows your area better than you do. It is therefore important that, when forming the team, the participation of a large number of people is encouraged, so that a wide variety of knowledge is brought to the project.