One of the most popular, STRIDE is an acronym for the types of threats it covers:
- Spoofing identity
- Tampering with data
- Repudiation threats
- Information disclosure
- Denial of service
- Elevation of privileges
This is a developer-centric methodology.
In STRIDE, you create a data flow diagram-based threat model of the target app. Using user & abuser stories, you build a list of potential threats.
Map each threat to one of the six STRIDE categories above, classify the attacker's goal accordingly & attach the relevant security controls.
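As an added example (not code from the original post), a small Python model of the STRIDE step described above: each element of a data flow diagram is mapped to its candidate threat categories. It assumes the STRIDE-per-element heuristic from Microsoft's SDL as the mapping table, a constructed sample DFD, and a hypothetical rule that flows crossing a trust boundary are triaged first.

```python
from dataclasses import dataclass
from typing import Dict, List
# STRIDE-per-element heuristic (Microsoft SDL / Shostack): threat classes
# normally relevant for each DFD element kind. Assumption: a widely used
# starting point, not a rule stated in the text above.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}
THREAT_NAMES = {
    "S": "Spoofing identity", "T": "Tampering with data",
    "R": "Repudiation", "I": "Information disclosure",
    "D": "Denial of service", "E": "Elevation of privilege",
}
@dataclass(frozen=True)
class Element:
    name: str
    kind: str                       # key of STRIDE_PER_ELEMENT
    crosses_boundary: bool = False  # data flows only: spans a trust boundary

def enumerate_threats(dfd: List[Element]) -> List[Dict[str, str]]:
    """Map every DFD element to its candidate STRIDE categories; flows that
    cross a trust boundary are marked high priority (hypothetical triage rule)."""
    threats = []
    for el in dfd:
        if el.kind not in STRIDE_PER_ELEMENT:
            raise ValueError(f"unknown DFD element kind: {el.kind!r}")
        high = el.kind == "data_flow" and el.crosses_boundary
        for code in STRIDE_PER_ELEMENT[el.kind]:
            threats.append({"element": el.name, "category": THREAT_NAMES[code],
                            "priority": "high" if high else "normal"})
    return threats

def by_category(threats: List[Dict[str, str]]) -> Dict[str, int]:
    """Count candidate threats per STRIDE category for a first triage table."""
    counts = {name: 0 for name in THREAT_NAMES.values()}
    for t in threats:
        counts[t["category"]] += 1
    return counts

# Constructed sample DFD for a web shop: browser -> web app -> orders database.
SAMPLE_DFD = [
    Element("Browser user", "external_entity"),
    Element("Web app", "process"),
    Element("Orders DB", "data_store"),
    Element("HTTPS request browser->web app", "data_flow", crosses_boundary=True),
    Element("SQL query web app->DB", "data_flow"),
]
```

Run `enumerate_threats(SAMPLE_DFD)` to get the raw candidate list; each row is a prompt for an abuser story and a control, not a confirmed vulnerability.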
2. PASTA
Sound tasty? It stands for 'Process of Attack Simulation and Threat Analysis'.
PASTA uses a risk-centric approach to find the probability of an attack. This lets you identify & prioritize threats. It also helps correlate business objectives with security requirements.
PASTA is done in 7 steps:
- Define the objectives (What is the purpose of the app?)
- Define the technical scope (What dependencies do you have?)
- Decompose the app (How do all your components communicate together?)
- Analyze the threats (What sort of threats do you face?)
- Vulnerability analysis (What is wrong with your app/design?)
- Attack analysis (How serious is each vulnerability?)
- Risk & impact analysis (How is your app/business affected by these flaws?)
The end goal of this process is to mitigate & manage security risks.
3. VAST
Visual, Agile, and Simple Threat (VAST) is an automated methodology that focuses on integrating threat modeling into the DevOps infrastructure.
It ensures scalability while also giving reliable, actionable results for developers, security teams, and senior executives.
VAST calls for 2 types of threat models:
- The application threat model is created with process flow diagrams that map the various features of an app.
- The operational threat model is meant for infrastructure teams, featuring a data flow diagram from the attacker's perspective.
4. OCTAVE
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methodology is used to assess organization-wide risks from breached data assets.
It's used by operations & IT teams to create documentation & raise risk-awareness within the organization.
OCTAVE threat modeling has 3 phases:
Phase 1: Build an asset-based threat profile. Analyze the assets in your organization by sending questionnaires out to staff, then build a list of security requirements from the information gathered.
Phase 2: Identify infrastructure vulnerabilities. Map high-priority data assets to information infrastructure & perform a vulnerability evaluation.
Phase 3: Develop a security strategy. Prioritize the risks you find & create a strategy to mitigate them across your organization.
5. Trike
The only one that's not an acronym, Trike is an open source threat modeling process for cyber-risk management.
It uses a 'requirements model' to determine what risk level is acceptable for each asset according to organization stakeholders.
The process begins with a data flow diagram illustrating the data flows & the actions a user can perform in each system state.
Analyzing these produces the Trike threat model. As threats are identified, you assign a risk value & mitigating controls to each one.
Want to go deeper into Threat Modeling? Start with these 2 courses on AppSecEngineer:
For starters, you need an intuitive understanding of how common security protocols and components work: firewalls, network access, intrusion detection systems, and so on.
2. Work with various operating systems:
You need to be aware of how operating systems like Windows, Linux, and macOS employ security.