Threat modeling is a proactive approach to security that involves analyzing and assessing the security risks of an application or system. By doing so, app security engineers can identify potential threats and vulnerabilities and take appropriate steps to mitigate them.
In this article, I will discuss the basics of threat modeling and how it can be used to improve the security of a food delivery app that covers New York City and is planning to expand to Seattle. We will use the STRIDE and DREAD methodologies to conduct the threat modeling exercise: STRIDE to enumerate threats, DREAD to rate them.
Threat modeling is a structured approach to identifying, evaluating, and mitigating security risks to an application or system. It involves analyzing the system’s architecture, data flows, and threat vectors to identify potential vulnerabilities and attacks that could exploit them. Threat modeling can be used at different stages of the software development lifecycle (SDLC), including during the design, development, and testing phases. It is an iterative process that requires collaboration between different stakeholders, including developers, QA engineers, and security experts.
Let’s say our app is a food delivery app that covers New York City and is planning to expand to Seattle. The app is deployed via Google Cloud, and you need to conduct a threat modeling exercise to identify potential risks and vulnerabilities that may arise from the expansion. Here’s how you can do it:
The first step is to define the scope of the threat modeling exercise. In this case, the scope is the food delivery app that covers New York City and the planned expansion to Seattle. This will help you focus on the specific assets, data, and functionality that are relevant to the exercise. The app is deployed via Google Cloud, which means that you will also need to consider the security of the cloud infrastructure.
Next, create a data flow diagram (DFD) that shows how data flows through the system: the external entities (customers, restaurants, couriers), the processes that handle their requests, the data stores, and the flows between them, with trust boundaries marked where data crosses from one zone of control to another. This diagram will help you identify potential threats and vulnerabilities in the system. Here's an example of a DFD for the food delivery app.
The diagram shows the different components of the system, including the customer app, the restaurant app, and the server infrastructure. The app is deployed via Google Cloud, which includes a load balancer, a cluster of virtual machines, and a database. The arrows represent the flow of data between the components.
Identify the different threat actors that may pose a threat to the system. In this case, the threat actors may include external attackers, malicious insiders, or competitors. Next, identify the assets that are valuable to these threat actors, such as customer data (names, addresses, order history), restaurant information, and financial transactions.
Here's an example diagram based on the addition of the new feature, as well as an example of how to identify threat actors and assets:
Apply the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) framework to identify potential threats to the system. For example,
Apply the DREAD (Damage, Reproducibility, Exploitability, Affected users, Discoverability) framework to assess the risk associated with each threat. Each factor is scored on a fixed scale and the scores are combined (typically averaged) into a single rating, so that threats can be ranked against each other. For example, a denial of service attack that affects all customers and is easily exploitable may be assigned a higher risk rating than a low-severity information disclosure vulnerability that affects only a small subset of customers.
DREAD is a risk assessment framework that takes into account the following factors:
Let’s take some examples of the threats identified through the STRIDE analysis and assess their risks using the DREAD framework:
Overall Risk Rating: Medium
Overall Risk Rating: High
Overall Risk Rating: Low to medium
Overall Risk Rating: High
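To make the STRIDE and DREAD steps above concrete, here is an added example (not code from the original article) that records threats against DFD elements of the food delivery app, checks that each STRIDE category is one that actually applies to that kind of element (the usual STRIDE-per-element convention: external entities face Spoofing and Repudiation; processes face all six; data stores face Tampering, Repudiation, Information disclosure and Denial of service; data flows face Tampering, Information disclosure and Denial of service), scores each threat with DREAD and ranks the result. The element names, the threats and their factor scores are assumptions made for this example, and the 1-to-10 scale with the Low/Medium/High cut-offs is one common convention, not the only one.

```python
from dataclasses import dataclass

# STRIDE-per-element: which threat categories apply to each DFD element type.
# (Standard convention; one letter per STRIDE category.)
APPLICABLE = {
    "external_entity": set("SR"),
    "process": set("STRIDE"),
    "data_store": set("TRID"),
    "data_flow": set("TID"),
}

STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass
class Threat:
    element: str        # DFD element name (assumed for this example)
    element_type: str   # key into APPLICABLE
    category: str       # single STRIDE letter
    description: str
    # DREAD factors, each scored 1 (lowest) to 10 (highest). Assumed scale.
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def validate(self) -> None:
        """Reject threats whose STRIDE category cannot apply to the element type."""
        if self.category not in APPLICABLE[self.element_type]:
            raise ValueError(
                f"{STRIDE_NAMES[self.category]} does not apply to a "
                f"{self.element_type} ({self.element})"
            )
        for score in (self.damage, self.reproducibility, self.exploitability,
                      self.affected_users, self.discoverability):
            if not 1 <= score <= 10:
                raise ValueError(f"DREAD factor out of range: {score}")

    def dread_score(self) -> float:
        """Average of the five DREAD factors (assumed aggregation rule)."""
        self.validate()
        return (self.damage + self.reproducibility + self.exploitability
                + self.affected_users + self.discoverability) / 5


def rating(score: float) -> str:
    """Map an averaged DREAD score to a qualitative rating (assumed cut-offs)."""
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def rank_threats(threats: list[Threat]) -> list[tuple[str, float, str]]:
    """Return (element, score, rating) tuples, highest risk first."""
    scored = [(t.element, t.dread_score()) for t in threats]
    scored.sort(key=lambda pair: pair[1], reverse=True)
    return [(element, score, rating(score)) for element, score in scored]


# Constructed threats for the food delivery app's DFD (assumed, not from the article).
THREATS = [
    Threat("Orders DB", "data_store", "T",
           "SQL injection through the restaurant search parameter", 9, 9, 7, 10, 6),
    Threat("Customer app -> load balancer", "data_flow", "I",
           "Order and payment data readable in transit without TLS", 7, 8, 6, 9, 7),
    Threat("Order service", "process", "D",
           "Request flood during the Seattle launch exhausts VM cluster", 5, 6, 5, 6, 5),
    Threat("Courier", "external_entity", "R",
           "Courier denies having picked up an order", 3, 5, 4, 2, 4),
]

if __name__ == "__main__":
    for element, score, label in rank_threats(THREATS):
        print(f"{score:4.1f}  {label:6}  {element}")
```

Running the block prints the four threats from highest to lowest averaged score; the `validate` check is the part worth keeping in a real model, because it catches the common mistake of recording an Elevation of privilege threat against a data flow, where it cannot occur.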
Once you have identified the threats and assessed their risks, you can take appropriate steps to mitigate them. This may involve implementing security controls such as access controls, encryption, or monitoring. You may also need to modify the system’s architecture or design to reduce the attack surface and make it more resilient to attacks.
Risk: Spoofing attacks against the customer app or restaurant app
Mitigation: Implement user authentication and authorization mechanisms to prevent unauthorized access to the app. Use TLS with proper certificate validation to encrypt communication between the app and the server, which prevents eavesdropping and stops an attacker from impersonating the server to the app.
Risk: SQL injection attacks against the database
Mitigation: Use parameterized queries or prepared statements so that user input is always passed as data, never concatenated into the SQL text. Add input validation against an allowlist (for example, the set of supported cities) as a second layer; validation and sanitization on their own are not a reliable defense against SQL injection, and note that parameterization does not neutralize LIKE wildcards such as % and _ inside the input.
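The following added example (not code from the original article) shows the SQL injection risk and its mitigation side by side on a restaurant search endpoint, using Python's standard sqlite3 module against a constructed in-memory table. The table contents, the column names and the city allowlist are assumptions for this example.

```python
import sqlite3

# Cities the app currently serves; used as an allowlist for input validation (assumed).
SUPPORTED_CITIES = {"New York", "Seattle"}


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory restaurants table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE restaurants (id INTEGER PRIMARY KEY, name TEXT, city TEXT, active INTEGER)"
    )
    conn.executemany(
        "INSERT INTO restaurants (name, city, active) VALUES (?, ?, ?)",
        [
            ("Joe's Pizza", "New York", 1),
            ("Pike Place Chowder", "Seattle", 1),
            ("Hidden Test Kitchen", "Seattle", 0),  # inactive: must never be listed
        ],
    )
    return conn


def search_unsafe(conn: sqlite3.Connection, city: str, name: str) -> list[str]:
    """VULNERABLE: user input is concatenated into the SQL text."""
    sql = (
        "SELECT name FROM restaurants WHERE active = 1 "
        f"AND city = '{city}' AND name LIKE '%{name}%'"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, city: str, name: str) -> list[str]:
    """Mitigated: allowlist validation plus a parameterized query."""
    if city not in SUPPORTED_CITIES:
        raise ValueError(f"unsupported city: {city!r}")
    # Escape LIKE wildcards so user input cannot widen the match; the ESCAPE
    # clause tells SQLite which character we used.
    pattern = "%" + name.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"
    sql = (
        "SELECT name FROM restaurants WHERE active = 1 "
        "AND city = ? AND name LIKE ? ESCAPE '\\'"
    )
    return [row[0] for row in conn.execute(sql, (city, pattern))]


# Constructed attacker input: closes the LIKE string, ORs in a true condition,
# and comments out the rest of the statement.
PAYLOAD = "x' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", search_unsafe(db, "Seattle", PAYLOAD))   # every row, inactive included
    print("safe:  ", search_safe(db, "Seattle", PAYLOAD))     # no rows
    print("legit: ", search_safe(db, "Seattle", "chowder"))   # Pike Place Chowder
```

The unsafe version returns every restaurant, including the inactive test entry and restaurants in the other city, because the injected `OR 1=1` short-circuits the WHERE clause. The safe version treats the same string as a literal name fragment and matches nothing, and the city allowlist rejects values the app never expects before they reach the database at all.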
After implementing the necessary security controls, you should test and validate the system to ensure that it is secure and resilient to attacks. This may involve conducting penetration testing, vulnerability scanning, or code reviews to identify any remaining vulnerabilities or weaknesses in the system.
After completing the threat modeling exercise and validating the security controls, you can begin to deploy the new feature to the system. You should monitor the system closely during and after the deployment to ensure that it is functioning correctly and that there are no new security vulnerabilities or weaknesses.
In conclusion, threat modeling is an essential process that can help identify and mitigate potential security risks and vulnerabilities in your application. By conducting a threat model of the food delivery app, we were able to identify several risks and propose mitigations to address them.
Through the use of STRIDE and DREAD methodologies, we were able to identify potential threats and determine their severity based on impact and likelihood. By working with developers and DevOps teams, we were able to prioritize and address these risks through various security measures such as code reviews, SAST and DAST scans, and implementing security controls such as user authentication and input validation.
It’s really important to think about security when you add new features to your app. You need to consider what might go wrong and take steps to stop it from happening. By doing this, you can keep people’s information safe and make sure your app works properly.
It’s not a one-time thing, though. You need to keep checking and updating your security as you make changes to your app. This way, you can stay ahead of any new risks and keep things safe for everyone who uses your app.