Threat modeling techniques
Threat modeling is the process of identifying, understanding, and addressing threats in a given system, application, or environment. It’s a key component of secure design and the SDLC. Here’s an overview of the primary threat modeling techniques:
Brainstorming:
- This is an informal technique where a group of stakeholders, ideally with diverse expertise, come together to discuss and identify potential threats to a system
- Strengths: Flexible; can produce creative and unexpected insights
- Limitations: Because it is informal, it might miss certain threats or be biased by the participants’ knowledge
Attack trees:
- A hierarchical model that outlines potential attacks on a system
- Starts with a root, which is the attacker’s ultimate goal, and branches down into the various means of achieving that goal
- Strengths: Provides a visual and systematic way to identify potential attacks
- Limitations: Can become complex...
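An attack tree as a data structure, as an added example that is not part of the original page. It goes beyond the text by using AND/OR gates, a common attack-tree convention, to list every leaf combination that reaches the root and to show which remain open after mitigations. The tree contents, gate labels and function names are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    name: str
    gate: str = "LEAF"   # "OR": any child suffices; "AND": all children needed
    children: list = field(default_factory=list)

def scenarios(node):
    """Return every set of leaves that, together, achieves this node."""
    if node.gate == "LEAF":
        return {frozenset([node.name])}
    child_sets = [scenarios(c) for c in node.children]
    if node.gate == "OR":
        return set().union(*child_sets)
    # AND: pick one scenario from each child and merge them
    return {frozenset().union(*combo) for combo in product(*child_sets)}

def open_scenarios(root, mitigated):
    """Scenarios still available once the leaves in `mitigated` are blocked."""
    blocked = set(mitigated)
    return {s for s in scenarios(root) if not (s & blocked)}

# Constructed tree: the root is the attacker's goal, the leaves are basic steps.
TREE = Node("Read customer records", "OR", [
    Node("Use a valid admin session", "AND", [
        Node("Obtain admin password"),
        Node("Bypass second factor"),
    ]),
    Node("Exploit unpatched web app flaw"),
    Node("Access unencrypted backup", "AND", [
        Node("Reach backup storage"),
        Node("Backup stored in cleartext"),
    ]),
])

if __name__ == "__main__":
    for s in sorted(scenarios(TREE), key=len):
        print("path:", " + ".join(sorted(s)))
    fixed = {"Bypass second factor", "Backup stored in cleartext"}
    for s in open_scenarios(TREE, fixed):
        print("still open:", " + ".join(sorted(s)))
```

Blocking one leaf of an AND branch closes that whole branch, while an OR branch stays open until every child is closed; this is the property that makes the tree useful for prioritizing mitigations.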