Microsoft has released SDL Threat Modeling Tool 3, a tool used to model, analyze, track and mitigate security vulnerabilities early in the application’s design process.

Usually a threat modeling process involves the following steps: Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4. A detailed understanding of the mechanics of your application makes it easier for you to uncover more relevant and more detailed threats. Use details from steps 2 and 3 to identify threats relevant to your application scenario and context. Review the layers of your application to identify weaknesses related to your threats. Use vulnerability categories to help you focus on those areas where mistakes are most often made.

SDL Threat Modeling Tool allows the architects to analyze an application’s design and identify potential security vulnerabilities, suggest and manage the corresponding solutions and communicate those issues to other members of the team. The tool includes the following features:
Automation: Guidance and feedback in drawing threat diagrams.
STRIDE Framework: Guided analysis of threats and mitigations.
Reporting capabilities: Security activities and testing in the verification phase.
While the tool itself is free, running it requires Visio 2007.

Application threat modeling should be considered separate from risk assessment: although the two are similar, application threat modeling is more of a calculated approach. Threat modeling allows you to systematically identify and rate the threats that are most likely to affect your system. By identifying and rating threats based on a solid understanding of the architecture and implementation of your application, you can address threats with appropriate countermeasures in a logical order, starting with the threats that present the greatest risk. Threat modeling has a structured approach that is far more cost efficient and effective than applying security features in a haphazard manner without knowing precisely what threats each feature is supposed to address. With a random, “shotgun” approach to security, how do you know when your application is “secure enough,” and how do you know the areas where your application is still vulnerable? In short, until you know your threats, you cannot secure your system.

A resource of value, such as the data in a database or on the file system. A potential occurrence, malicious or otherwise, that might damage or compromise your assets. A weakness in some aspect or feature of a system that makes a threat possible. Vulnerabilities might exist at the network, host, or application levels. An action taken by someone or something that harms an asset. This could be someone following through on a threat or exploiting a vulnerability. A safeguard that addresses a threat and mitigates risk.

Consider a simple house analogy: an item of jewelry in a house is an asset and a burglar is an attacker. A door is a feature of the house and an open door represents a vulnerability. The burglar can exploit the open door to gain access to the house and steal the jewelry. In other words, the attacker exploits a vulnerability to gain access to an asset. The appropriate countermeasure in this case is to close and lock the door.