Guide to Threat Modelling for Web-Apps

Guide to Threat Modelling for Web-Apps

• Web applications are operating at the core of the IT infrastructure of most of the business models in the modern-day economy.
• However, they provide a lot of utility. But there is always a risk of cyber threats interrupting the flow of smooth working of web apps.
• Web Application Pentesting helps to mitigate these threats to an extent by pointing out the security weaknesses in the application.
• Although you need comprehensive threat modeling for your web apps to ensure complete security.

What is Threat Modelling?

Threat modeling is a systematic way of identifying and evaluating application threats and vulnerabilities. When it comes to web applications, threat modeling refers to an organized approach to identifying security design problems early in the application design process. This approach helps you to devise mechanisms for the early mitigation of security issues before they cause any catastrophe. You can initiate threat modeling for web applications at any stage of development. More or less, the method of executing the process depends on your needs and capabilities.

Significance of Threat Modelling for Web-Apps

Web applications are reliant on interactions with other sources, systems, and databases for their proper functioning. This increases the overall surface of the application. Eventually, the risk of cyber attacks on the application increases. Threat modeling can describe the specific threats that an application is susceptible to. You may consider threat modeling as an extension of the risk assessment process. It enables you to identify and categorize security risks ranging from unauthorized system access to insecure physical data storage.

A threat model features underlying risk factors, identified threat actors, potential attack vectors, and the business impact of all these things. Along with identifying the problems, it also provides you with remedies. However, methods like Web Application Pentesting also help with identifying and eliminating potential security risks. But threat modeling offers a more systematic and question-driven approach for the same purpose.

1. Identify Security Objectives

There are three main aspects of identifying the security objectives within your application:

• Confidentiality: preventing unauthorized information disclosure.
• Integrity: protection against unauthorized information changes.
• Availability: offering essential services even under attack.

Security objectives are covered under the umbrella of the project objectives. You can use it to support your cause of action in threat modeling. After identifying the main security objectives, it becomes easier to divert your focus to the important things. Preventing crucial customer data such as passwords and profile information is a key point in the list of security objectives. Additionally, it includes protecting the company’s online credibility.

2. Creating Application Overview

This step is about creating an outline of what the application can do. Here, your task is to determine and depict the key functionality and characteristics of the application that you are offering to your clients. This makes the process of identifying the relevant threats a bit easier. Like modern application development, threat modeling is also an iterative process. Accumulate as much detail as possible and then add more details later when there are any changes or additions in the design.

Chronology of application overview process:

• Draw end-to-end deployment
• Identify the roles of each team member
• Identify the potential circumstances for usage
• Identify the technologies used in the application design
• Analyze the security mechanisms

3. Decompose Your Application

This step involves breaking down the application to identify the key points such as boundaries, data flows, entry points, and exit points. The purpose of this step is to understand the mechanics of the application. It eventually helps to discover vulnerabilities and potential threat vectors.

The steps involved in Application Decomposition are:

• Identifying trust boundaries.
• Identifying data flows.
• Identifying entry points.
• Identifying exit points.

4. Decompose Your Application

This step involves breaking down the application to identify the key points such as boundaries, data flows, entry points, and exit points. The purpose of this step is to understand the mechanics of the application. It eventually helps to discover vulnerabilities and potential threat vectors.

The steps involved in Application Decomposition are:

• Identifying trust boundaries.
• Identifying data flows.
• Identifying entry points.
• Identifying exit points.

5. Identify Threats

This stage involves threat identification and determining the potential attacks on the application that might compromise the security infrastructure of the application. The development and security teams sit together for a brainstorming session to figure out the potential security issues that might affect the application’s functions. There are two possible approaches that you can use for carrying out this process. First is identifying the common threats and attacks. Here we list the common security threats based on the application vulnerabilities. Then we apply the same list to the application architecture and see the response. The second is a question-driven approach. We use a STRIDE model that includes spoofing, tampering, repudiation, information disclosure, and denial of service. We apply all the methods to the application architecture and see what stimuli our application is sensitive to.

Before You Go!

• Cyber Security Solutions such as Web Application Pentesting make the security posture of your web applications formidable.
• Through this blog, you also got to know the significance of threat modeling for web apps and how to perform it.
• Make sure you take the advice of a cybersecurity expert before executing such a process. You can get in touch with RSK Cyber Security for any help related to this matter.