Threat modeling is a structured activity for identifying and managing the threats to an object (such as an application). Also called Architectural Risk Analysis, it is an essential step in the development of your application. Without it, your protection is a shot in the dark.
Since about half of all security vulnerabilities in software are due to design errors, security measures must be considered during the design phase. In this phase, fixing vulnerabilities costs comparatively little compared with the implementation phase. Threat modeling helps to identify threats, regardless of the complexity of the architecture. The method supports the development of a trustworthy security design. A complete threat modeling exercise is carried out systematically and methodically, with the aim of reducing or even eliminating the effects of the detected threats.
We build a threat model of your organization that shows its attack surface and risk.
We use the STRIDE method for threat modeling. It is simple, because it covers all aspects of information security: Confidentiality, Integrity, Availability, Non-Repudiation, Authentication, Authorization.
In threat modeling, we identify what is worth protecting (the assets) and the relevant threats. The phase of identifying vulnerabilities starts with the analysis of the documentation (in particular the security design) and of the program flow charts.
By analyzing the data flow charts, the system can be broken down into manageable parts for a vulnerability check. Trust boundaries are marked so that components can be recognized as trustworthy or non-trustworthy.
The aims include: understanding the security architecture, identifying the design flaws and minimizing the number of potential attack surfaces.
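The data-flow analysis and STRIDE categories described above can be expressed as a small script. This is an added example, not code from the original page: the element names, trust zones and the `Element`/`Flow` types are constructed for illustration, and the table of which STRIDE categories apply to which element kind is the commonly used STRIDE-per-element chart, which the page itself does not give.

```python
from dataclasses import dataclass

# STRIDE category -> security property it violates (the six properties named above)
STRIDE = {
    "Spoofing": "Authentication", "Tampering": "Integrity",
    "Repudiation": "Non-Repudiation", "Information disclosure": "Confidentiality",
    "Denial of service": "Availability", "Elevation of privilege": "Authorization",
}
# Assumption: commonly used STRIDE-per-element chart (categories per DFD element kind)
APPLICABLE = {
    "external": ["Spoofing", "Repudiation"],
    "process": list(STRIDE),
    "datastore": ["Tampering", "Repudiation", "Information disclosure", "Denial of service"],
    "flow": ["Tampering", "Information disclosure", "Denial of service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "datastore"
    zone: str   # trust zone; a zone change along a flow is a trust boundary

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str

def enumerate_threats(elements, flows):
    """Return (target, category, property, crosses_boundary) tuples, boundary crossings first."""
    findings = [(e.name, cat, STRIDE[cat], False)
                for e in elements for cat in APPLICABLE[e.kind]]
    for f in flows:
        target = f"{f.src.name} -> {f.dst.name} ({f.data})"
        crosses = f.src.zone != f.dst.zone
        findings += [(target, cat, STRIDE[cat], crosses) for cat in APPLICABLE["flow"]]
    return sorted(findings, key=lambda t: not t[3])  # stable sort keeps model order

# Constructed sample model (hypothetical names): a small web application
BROWSER = Element("Browser", "external", "internet")
WEB_APP = Element("Web app", "process", "dmz")
CACHE = Element("Session cache", "datastore", "dmz")
DB = Element("Customer DB", "datastore", "internal")
ELEMENTS = [BROWSER, WEB_APP, CACHE, DB]
FLOWS = [Flow(BROWSER, WEB_APP, "login form"), Flow(WEB_APP, CACHE, "session token"),
         Flow(WEB_APP, DB, "SQL query")]

if __name__ == "__main__":
    for target, cat, prop, crosses in enumerate_threats(ELEMENTS, FLOWS):
        flag = "BOUNDARY" if crosses else "        "
        print(f"{flag}  {target:<40} {cat:<24} threatens {prop}")
```

Each resulting row is a question for the design review rather than a confirmed vulnerability; the rows flagged as crossing a trust boundary are the ones to examine first.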