
Threat Modelling - Using Microsoft STRIDE Model

When reviewing the security posture of any application or system, it is important to consider the threats that the system is exposed to. This is where threat modelling comes in. Threat modelling is a structured process for identifying, quantifying and prioritising the threats and vulnerabilities that affect a system. It is a proactive approach to security that helps identify threats early in the development lifecycle.

A good threat model can help answer the following questions:

  • How can an attacker change the authentication data?
  • What is the impact if an attacker can read the user profile data?
  • What happens if access is denied to the user profile database?

STRIDE is a powerful security threat modeling approach developed by Microsoft. It helps developers and architects identify and mitigate potential security vulnerabilities in software applications.

What is the STRIDE Model:

STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. It's a mnemonic that helps remember the primary threat categories.

Components of STRIDE:

Spoofing: Identity theft or impersonation attacks

  • Prevention: strong authentication and secure communication protocols.

Tampering: Unauthorized modification of data or code

  • Prevention: data integrity checks, secure coding practices, and input validation

Repudiation: Disputing the authenticity of an action or transaction

  • Prevention: detailed logging, secure audit trails, and non-repudiation mechanisms

Information Disclosure: Unauthorized access to sensitive data

  • Prevention: encryption, access controls, and data classification

Denial of Service (DoS): Disruption of services or system availability

  • Prevention: traffic monitoring, rate limiting, and redundancy planning

Elevation of Privilege: Gaining unauthorized privileges to perform restricted actions

  • Prevention: principle of least privilege, role-based access control, and secure system configuration

When to apply STRIDE in Software Development:

  • Threat modeling during the design phase
  • Regular security reviews and code audits
  • Incorporating secure coding practices, including security game days
  • Integrating security testing into the development process
  • Continuous training and education for developers

An example template for STRIDE:

[Image: example STRIDE template]

Source: https://github.com/OWASP/threat-model-cookbook/blob/master/Template/BLANK/BLANK-draw.io.onepager.xml.pdf

An example DFD of a web application on cloud:

[Image: example DFD of a web application on cloud]
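
The categories and preventions listed above can be applied element by element to a data flow diagram. The following is an added example, not code from the original post: it uses the STRIDE-per-element convention (an assumption the article does not state) on a small constructed DFD, and the element names, trust zones and the "review first" heuristic are hypothetical.

```python
from dataclasses import dataclass

# STRIDE-per-element convention (assumption, not stated in the article).
APPLICABLE = {"external_entity": "SR", "process": "STRIDE", "data_store": "TID", "data_flow": "TID"}
# Category names and preventions as listed in the article.
STRIDE = {
    "S": ("Spoofing", "strong authentication and secure communication protocols"),
    "T": ("Tampering", "data integrity checks, secure coding practices, and input validation"),
    "R": ("Repudiation", "detailed logging, secure audit trails, and non-repudiation mechanisms"),
    "I": ("Information Disclosure", "encryption, access controls, and data classification"),
    "D": ("Denial of Service", "traffic monitoring, rate limiting, and redundancy planning"),
    "E": ("Elevation of Privilege", "principle of least privilege, role-based access control, and secure system configuration"),
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                 # one of the APPLICABLE keys
    zone: str = ""            # trust zone (nodes only)
    src: str = ""             # flow endpoints (flows only)
    dst: str = ""
    holds_logs: bool = False  # audit-log stores also get Repudiation

def enumerate_threats(elements):
    zones = {e.name: e.zone for e in elements if e.kind != "data_flow"}
    rows = []
    for e in elements:
        letters = APPLICABLE[e.kind] + ("R" if e.kind == "data_store" and e.holds_logs else "")
        # Heuristic (assumption): flows that cross a trust zone are reviewed first.
        crosses = e.kind == "data_flow" and zones[e.src] != zones[e.dst]
        for letter in letters:
            category, prevention = STRIDE[letter]
            rows.append({"element": e.name, "category": category, "prevention": prevention,
                         "priority": "review first" if crosses else "normal"})
    return rows

# Constructed sample DFD (hypothetical names, not the article's diagram).
SAMPLE_DFD = [
    Element("Browser user", "external_entity", zone="internet"),
    Element("Web app", "process", zone="cloud"),
    Element("User profile DB", "data_store", zone="cloud"),
    Element("Audit log", "data_store", zone="cloud", holds_logs=True),
    Element("Login request", "data_flow", src="Browser user", dst="Web app"),
    Element("Profile query", "data_flow", src="Web app", dst="User profile DB"),
]

if __name__ == "__main__":
    for r in enumerate_threats(SAMPLE_DFD):
        print(f"{r['element']:16} {r['category']:23} [{r['priority']}] {r['prevention']}")
```

The rows for "User profile DB" correspond to the profile-data questions at the top of the article: Information Disclosure covers reading the data and Denial of Service covers loss of access to the database.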
