Threat Modelling 101: Mapping OWASP Top 10 to STRIDE

    August 13, 2024
    Divyanshu
    This blog provides only a foundational overview of threat modelling concepts, including a mapping of the OWASP Top 10 2024 to STRIDE. It serves as an introduction to advanced topics, including hands-on exercises and cloud-specific threat modelling.

    Understanding Threat Modelling

    • Building a Perspective: Threat modelling gives project members a common understanding by describing the system under consideration, identifying possible risks, and determining how to deal with them effectively.
    • Predicting Potential Threats: The process involves figuring out what could go wrong within a system and creating solutions to avoid or minimize these risks. Deciding whether or not to lock a door, and weighing the implications of not doing so, is a simple everyday example of threat modelling.
    • Safeguarding Critical Assets: As defined by OWASP, threat modelling is the process of identifying, communicating, and responding to risks in order to protect important assets. This method helps to focus resources as well as attention on the system’s most essential components.

    Clarifying System Boundaries

    • Defining Scope: Clearly defining the boundaries of the system under analysis is critical for integrating the threat modelling strategy. This ensures that all team members understand which components of the system are being considered.
    • Prioritizing Security Focus: Threat modelling helps teams prioritize their efforts and resources to safeguard what is most important.

    Assessing Security Needs

    • Comprehensive Risk Analysis: Threat modelling is an organized way of assessing a system’s security requirements, enabling teams to identify potential weaknesses and address them proactively.
    • Collaborative Decision-Making: The approach encourages team members to collaborate, ensuring that security measures are properly integrated into the broader project and that all stakeholders are aware of potential risks.

    Mitigating Identified Risks

    • Strategic Risk Management: Once potential risks have been identified, teams can choose appropriate risk-management techniques, such as mitigation, prevention, change, or acceptance.
    • Documenting Security Decisions: The results of the threat modelling process, including decisions on how to address specific threats, should be thoroughly recorded to guide future development and security efforts.

    Why Implement a Threat Model?

    • Identify security issues: A well-structured threat model can help identify possible issues, reducing the need for redesigns, proactive remedies, and further security work.
    • Understand security needs: Ensures that everyone understands the product or service’s security requirements, and functions as a living decision-making document.
    • Build securely: Ensures secure development from the start, promoting customer trust and system stability.

    When to Use Threat Modelling?

    • Early and often: Begin threat modelling early in the development lifecycle, and revisit it often, to improve risk management. Detecting threats early is more cost-effective.
    • Key Triggers for Threat Modelling:
      - Review the model while designing a new system or feature.
      - Introducing changes which are outside the scope of existing models.
      - Identifying new risks.
      - Previous assumptions or models are being invalidated.

    Shostack’s 4 Question Frame for Threat Modelling

    • What are we working on?
      - Describe the system’s components and how data flows through each component. Drawing a representation or diagram can help in understanding how the system operates.
    • What can go wrong?
      - Consider what can go wrong with the system’s security. Use methods such as STRIDE to identify potential concerns.
    • What are we going to do about it?
      - Determine what to do with each problem you discovered: solve it, avoid it, delegate it to someone else, or take the risk.
    • Did we do a good enough job?
      - Examine the effectiveness of your threat modelling and identify areas for improvement.

    Business-Focused Threat Modelling Essentials

    • Prioritize Critical Assets: Identify the most critical components of the system, those that are of high importance to the business.
    • Align Security with Business Objectives: Make sure that the security controls protecting business information address the organizational objectives.

    Key Elements of Agile Threat Modelling

    • Integrate into Sprints: Introduce threat modelling with the development of each sprint so threats are seen and addressed as software is developed.
    • Track and Manage Mitigations: Add any remaining control measures under the project backlog in order to track and address them in following sprints.

    Mapping OWASP Top 10 to STRIDE

    • OWASP Top 10 vulnerabilities are common web application security risks.
    Mapping the OWASP Top 10 onto the STRIDE threat model shows, with examples, how each vulnerability could arise in some part of the system.
    Refer to the OWASP Top 10 mapping to STRIDE gist.

    Describing the security threats in the STRIDE methodology:

    • Spoofing: Impersonating a user, machine, or system in order to obtain unauthorized access or carry out nefarious activities.
    • Tampering: Modifying data or code in transit or at rest in order to induce errors, obtain unauthorized access, or carry out other malicious activities.
    • Repudiation: Denying or disclaiming actions or circumstances in order to avoid blame or responsibility.
    • Information Disclosure: Providing confidential or sensitive information to unauthorized persons, either purposefully or unintentionally.
    • Denial of Service: Disrupting or reducing the availability or functioning of a system or application by network attacks, resource exhaustion, or other means.
    • Elevation of Privilege: Obtaining more access or privileges beyond those originally granted in order to engage in malicious behavior or escalate privileges.
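
    The second and third of Shostack's questions, worked through in code as an added example (not from the original post or the gist it refers to): it applies the STRIDE-per-element chart to a small constructed system, tags each threat with OWASP categories, and lists the threats that still need a decision. The category names are taken from the OWASP Top 10 2021 list, and the STRIDE letters assigned to them are this example's own assumption.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: threat classes that apply to each diagram element type.
# (Repudiation on a data store matters mainly when the store holds logs.)
STRIDE_PER_ELEMENT = {"external_entity": "SR", "process": "STRIDE",
                      "data_store": "TRID", "data_flow": "TID"}
STRIDE_NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
                "I": "Information Disclosure", "D": "Denial of Service",
                "E": "Elevation of Privilege"}
# Assumed mapping (this example's judgement). A04-A06 are cross-cutting and left out.
OWASP_TO_STRIDE = {
    "A01 Broken Access Control": "IE",
    "A02 Cryptographic Failures": "TI",
    "A03 Injection": "TIE",
    "A07 Identification and Authentication Failures": "S",
    "A08 Software and Data Integrity Failures": "T",
    "A09 Security Logging and Monitoring Failures": "R",
    "A10 Server-Side Request Forgery": "IE",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # one of the keys of STRIDE_PER_ELEMENT

def enumerate_threats(elements):
    """'What can go wrong?': one row per (element, STRIDE class, OWASP tags)."""
    rows = []
    for el in elements:
        for letter in STRIDE_PER_ELEMENT[el.kind]:
            owasp = sorted(c for c, s in OWASP_TO_STRIDE.items() if letter in s)
            rows.append((el.name, STRIDE_NAMES[letter], owasp))
    return rows

def backlog(rows, decisions):
    """'What are we going to do about it?': rows with no recorded decision."""
    return [(el, threat) for el, threat, _ in rows if (el, threat) not in decisions]

# Constructed sample system and decisions, for illustration only.
SYSTEM = [Element("browser user", "external_entity"),
          Element("browser -> API request", "data_flow"),
          Element("web API", "process"),
          Element("orders database", "data_store")]
DECISIONS = {("web API", "Spoofing"): "mitigate: MFA on login",
             ("orders database", "Repudiation"): "accept: audit log kept upstream"}

if __name__ == "__main__":
    rows = enumerate_threats(SYSTEM)
    for el, threat, owasp in rows:
        print(f"{el:24} {threat:24} {', '.join(owasp) or '-'}")
    print(len(backlog(rows, DECISIONS)), "threats still need a decision")
```

    Rows that come back with no OWASP tag, such as Denial of Service here, show where a Top 10 checklist alone would not have prompted the question.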

    Reference & Credit


    Threat Modelling 101: Mapping OWASP Top 10 to STRIDE was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
