Threat Modeling for Developers: First Steps

Threat Modeling for Developers
Image by Gerd Altmann from Pixabay

With the growth of cyber threats and the desire of companies to protect their funds, organized companies use the best ways to protect software, for example, STRIDE. Unfortunately, implementing threat modeling is often difficult. Many methodologies require complex and exhaustive upstream analysis that is incompatible with today’s teams. So instead of stopping everything in order to develop a safe threat model, you need to start small and gradually expand.

What is Threat Modeling?

The main idea is very simple. This is understanding the causes of damage from cyber threats. It is the use of this understanding to secure our system in a risk-aware manner.

What is Threat Modeling
Image by Unsplash+

Technology first

Important recommendation from threat modeling with stride: focus mainly on technical threats, not large-scale ones.

  • Large-scale threats and their sources include hacker groups, problematic hardware, frustrated employees, human error, and epidemics of new types of malware. Such threats come from everywhere, they are extremely diverse, uncertain and unpredictable. They relate to the value that your system’s data and services provide to your organization and to others. Such threats can be easily discussed with non-techies.
  • Technical threats and assailabilities are more particularized than specific software vulnerabilities or lack of security controls in the form of encryption or authorization. Such threats arise from the inherent scheme and information flow of the system. Usually several technical threats are combined, resulting in a wide negative impact on the system.
technical side of things
Photo by Jud Mackrill on Unsplash

This helps simplify the refinement process, as the scheme and information flow of your system is something you can be sure of. But it also means that you, as a developer, can take advantage of the technical side of things. This is a much stronger starting point for high-level analysis of threat sources about which you know little.

Do not forget about the full picture of the situation. A pragmatic and risk-aware understanding of what large-scale threats might arise helps prioritize technical threats.