Agile Threat Modeling
There are numerous described methods for doing threat modeling. One approach that fits well with agile development is Agile Threat Modeling. If you integrate it well, the process won't require any extra effort on top of your normal dev-cycle, but will add great value.
An example of how to get started:
- Someone from the team reads about and gets familiar with Agile Threat Modeling
- Choose a scope beforehand (e.g. some upcoming functionality, current functionality, your CI/CD pipeline etc.)
- This person facilitates a threat modeling session with the whole team and other interested parties
- Find a way to integrate with your current dev-cycle
  - as part of existing ceremonies
  - as part of detailing a new task
Of course, one size does not fit all. Whichever method you choose, the most important aspect is that it's sustainable, so that you can continue to do it regularly, and that it gives valuable output.
Alternative forms for doing Threat Modeling
When detailing your tasks for upcoming functionality with use cases, consider also writing misuse cases.
Similar to use cases, misuse or abuse cases describe unintended and malicious use scenarios of the application. These misuse cases provide a way to describe how an attacker could misuse and abuse the application. By going through the individual steps in a use scenario and thinking about how each can be maliciously exploited, potential flaws or aspects of the application that are not well defined can be discovered. The key is to describe all possible or, at least, the most critical use and misuse scenarios.
- As an abuser, I want to gain access to this web application’s Cloud Hosting account so that I can lock out the legitimate owners and delete the servers and their backups, to destroy their entire business.
- As an abuser, I want to overload this system with requests so that legitimate users won't be able to use it.
For more information, see:
- A really good overview of the existing methodologies
- An "automated" approach to doing threat modeling
- Learning path from Microsoft
- Equinor AppSec Threat Modeling Slide-deck
- Threat Modeling Manifesto
- OWASP's Threat Modeling Cheat Sheet