6 most common threat modeling misconceptions
Shedding Light Onto the 6 Top
Threat Modeling Misconceptions
MISCONCEPTION 1
We already conduct penetration tests and code
reviews. We’re covered.
The pitfall of this belief
Sure, penetration testing and secure code review can
uncover a variety of security issues, known as bugs, in an
application.
However, these only make up about 50% of the
vulnerabilities.
The other 50% are flaws that simply can’t be found with
these analysis techniques.
The solution
If you’re inclined to also find the design-level flaws (which
you definitely should if you want secure software), conduct
a threat model.
Threat modeling is a critical activity for avoiding the
costs of redesigning a system that is already in a
mature state of development.
MISCONCEPTION 2
We already deployed our system.
There’s no reason to conduct a threat model.
The pitfall of this belief
If a threat model doesn’t exist for an application that has
been deployed in production:
• You have no information about your production security
posture.
• You have no information about deployed defenses and
attack surfaces.
• Future deployments can’t defend against existing
limitations and vulnerabilities.
• Future deployments can’t take advantage of existing
defenses.
In other words, you’re conducting
security blindly, if at all.
The solution
Understanding the issues that are currently deployed
influences your future security architecture strategy.
Monitoring weaknesses with threat modeling allows your
team to react faster and more effectively.
MISCONCEPTION 3
We carried out a threat model when the
software was built.
There’s no reason to do it again.
The pitfall of this belief
Even if nothing has changed in your software, it is
possible, and quite likely, that…
• something has changed in the software you use
(frameworks, operating systems, and internal or open
source libraries)
• new attack techniques have been introduced that can
affect your threat model
The solution
It is important to know if anything changed in the system
since the last threat model. For instance, has a feature
been added, removed, or changed?
MISCONCEPTION 4
We’ve considered threat modeling and
feel that it is way too complicated.
The pitfall of this belief
At first glance, it can seem daunting. However, if you break
up the tasks into the five workable steps, performing a
threat model on a simple web application, and even a
complex system architecture, becomes systematic.
The solution
The key is to start off with the basics. Create threat models
for simple web applications.
Once you’re comfortable with this process, move to more
complex systems such as mobile platforms, embedded
software, and cloud-based technologies.
MISCONCEPTION 5
We don’t have software security experts,
so we can’t do threat modeling.
The pitfall of this belief
Threat modeling is a lot like cooking. Chefs aren’t the only
people around who can cook. At the same time, you
probably won’t be preparing an elegant feast on your first
day in the kitchen. You need to learn to boil water first.
The solution
While it takes time and repetition to become proficient
at threat modeling, there are also options available for firms
without software security teams or experts in-house.
At Cigital, we model threats specific to your business and
shine the light on the types of attacks you are most likely to
face.
MISCONCEPTION 6
We’re threat modeling at all the right times, so
we don’t need additional security activities.
The pitfall of this belief
While threat modeling identifies weaknesses, it doesn’t
evaluate exploitability. Thus, the weaknesses found through
threat modeling may or may not be actual vulnerabilities.
The solution
Subsequent activities such as penetration testing and
secure code reviews can evaluate the exploitability of the
weaknesses found during threat modeling.
Threat modeling promotes the idea
of thinking like an attacker.
It enables organizations to build
software with security considerations,
rather than addressing security
as an afterthought.
Threat modeling supports
1. Secure code review, which aims to find
implementation errors that are relevant to system
architecture.
2. Penetration testing, which verifies the resilience of
the system against relevant attacks.
3. Security requirement identification, which
specifies the software’s behavior in response to
potential risk and threat agents.
Ready to explore threat modeling as a
security solution?
Contact Cigital today at
www.Cigital.com