Threat Modeling

Threat Modeling Process and Design, DFDs

UIC logo

8-27 Plan

  • Agenda
    • Review Pre-test Assessment
    • Review Web Architecture
    • Discuss Tools
    • Introduce Threat Modeling
  • Objectives
    • Understanding Threat Modeling and Why We Do It
    • Challenges to Threat Modeling
    • Precursors to Threat Modeling

What is Web Threat Modeling?

Threat Modeling

  • Highly Conceptual
  • Time-consuming process that should be embedded into the SDLC
  • Considered unimportant in the past; more recently gaining a lot of traction

Threat Model - When and Where

SDLC Process

Image: system development life cycle responsibility breakdown

OWASP Presentation

OWASP Advanced Threat Modeling Slides

Example of DFD

Data Flow Diagram

The focus is primarily on the flow of data.

What is the difference between DFDs and Threat Model Diagrams?

Terminology

Limitations

Threat Agent

Assets

Mitigations

Security Controls

Attack Vector

Attack Trees

Trust Boundary

Data Flow Diagram

General TM Example

Example Threat Model

Draw.io Diagramming Tool with external plugin

MPLSrenters.com TM diagram

MPLS Renters Threat Model

SLAs should take threats and attacks into consideration

Not depicted: data classification

Questions?