4. SACON 2017
What is Threat Modeling?
• Threat modelling is an in-depth approach to analyzing the security of an application
• It lets the reviewer identify the entry points to the application (i.e. the attack surfaces)
• It identifies the threats associated with each entry point (i.e. the attack vectors)
• It drives the design and adoption of countermeasures and mitigation strategies that enhance the security of the application
7. SACON 2017
A Threat is not a Vulnerability
• Threat
• A potential to cause harm to something of value (an asset)
• Vulnerability
• A way to cause that harm, i.e. a means by which the threat is materialized
14. SACON 2017
Threat Categorization – The STRIDE Framework
Threat – Example
• Spoofing – Impersonation, or pretending to be someone else
• Tampering – Modifying something that should not be modifiable
• Repudiation – Denying having done something
• Information Disclosure – Access to information that should not be exposed
• Denial of Service – Preventing a system from delivering its services
• Elevation of Privilege – Doing things that one isn’t supposed to be able to do
15. SACON 2017
Risk Analysis - Threat Rating
• Not all threats can be countered or mitigated at the same time
• An effective, actionable outcome of Threat Modeling requires prioritization of threats
• Risk rating frameworks can be used for Threat Rating
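The STRIDE categorization and the threat-rating slides above describe a data model: each entry point carries threats, each threat has a STRIDE category, and a rating decides which threats get countermeasures first. The following is an added example, not code from the SACON 2017 deck. It assumes a simple likelihood × impact score on a 1..5 scale (the slides name no particular rating framework); the entry points, threats and ratings for the web shop are constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List


class Stride(Enum):
    """The six STRIDE threat categories from the slide."""
    SPOOFING = "Spoofing"
    TAMPERING = "Tampering"
    REPUDIATION = "Repudiation"
    INFORMATION_DISCLOSURE = "Information Disclosure"
    DENIAL_OF_SERVICE = "Denial of Service"
    ELEVATION_OF_PRIVILEGE = "Elevation of Privilege"


@dataclass(frozen=True)
class Threat:
    entry_point: str          # the attack surface the threat applies to
    category: Stride          # STRIDE classification
    description: str
    likelihood: int           # assumed 1..5 scale (1 = rare, 5 = almost certain)
    impact: int               # assumed 1..5 scale (1 = negligible, 5 = severe)
    countermeasure: str = ""  # empty until a mitigation has been chosen

    def risk(self) -> int:
        """Risk score used for prioritization: likelihood x impact (assumed scheme)."""
        return self.likelihood * self.impact


def validate(threat: Threat) -> None:
    """Reject ratings outside the assumed 1..5 scale so the ranking stays comparable."""
    for name, value in (("likelihood", threat.likelihood), ("impact", threat.impact)):
        if not 1 <= value <= 5:
            raise ValueError(f"{name} must be between 1 and 5, got {value}")


def prioritize(threats: Iterable[Threat]) -> List[Threat]:
    """Order threats highest risk first; ties broken deterministically by entry point, then category."""
    threats = list(threats)
    for t in threats:
        validate(t)
    return sorted(threats, key=lambda t: (-t.risk(), t.entry_point, t.category.value))


def by_entry_point(threats: Iterable[Threat]) -> Dict[str, List[Threat]]:
    """Group threats by attack surface, the view a reviewer uses when walking the entry points."""
    grouped: Dict[str, List[Threat]] = defaultdict(list)
    for t in threats:
        grouped[t.entry_point].append(t)
    return dict(grouped)


def category_counts(threats: Iterable[Threat]) -> Dict[Stride, int]:
    """How many threats fall into each STRIDE category; a missing category is a reviewer's blind spot."""
    return dict(Counter(t.category for t in threats))


def unmitigated(threats: Iterable[Threat]) -> List[Threat]:
    """Threats still lacking a countermeasure, highest risk first."""
    return prioritize(t for t in threats if not t.countermeasure)


# Constructed sample model for a hypothetical web shop; entry points and ratings are illustrative only.
SAMPLE_THREATS = [
    Threat("/login", Stride.SPOOFING, "Guessed or reused credentials accepted by the login form", 4, 4),
    Threat("/login", Stride.DENIAL_OF_SERVICE, "Unbounded login attempts exhaust the authentication backend", 3, 3,
           countermeasure="Rate-limit login attempts per account and source"),
    Threat("/api/orders", Stride.TAMPERING, "Order total taken from client-supplied JSON", 3, 5),
    Threat("/api/orders", Stride.REPUDIATION, "Customer denies placing an order; no audit log exists", 2, 3),
    Threat("/api/orders", Stride.INFORMATION_DISCLOSURE, "Order lookup by sequential id returns other customers' orders", 4, 4),
    Threat("/admin", Stride.ELEVATION_OF_PRIVILEGE, "Admin pages trust a role flag stored in the client", 3, 5),
    Threat("/signup", Stride.SPOOFING, "Attacker signs up with someone else's email address to obtain services", 4, 3,
           countermeasure="Verify the email address before delivering services"),
]


if __name__ == "__main__":
    for t in prioritize(SAMPLE_THREATS):
        print(f"{t.risk():>2}  {t.category.value:<22} {t.entry_point:<12} {t.description}")
    print("Still unmitigated:", len(unmitigated(SAMPLE_THREATS)))
```

Running the module prints the ranked list; `unmitigated()` is the working backlog for the countermeasures step, and `category_counts()` quickly shows whether a STRIDE category was never considered for the application at all.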
19. SACON 2017
Countermeasures - Example
• Threat
• An attacker can spoof their email address to obtain services
• Countermeasure
• Enforce verification of the email address before delivering services
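The slide's countermeasure, verifying the address before delivering anything, is easy to state and easy to get subtly wrong (a guessable token, a token that can be replayed, a token that never expires). This added example, not code from the SACON 2017 deck, shows one way to implement the check in a small signup service. The class names, the 15-minute token lifetime and the in-memory mailbox that stands in for outbound mail are all assumptions made for the example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a verification token


@dataclass
class Account:
    email: str
    verified: bool = False
    pending_token: Optional[str] = None
    token_expires_at: float = 0.0


class EmailNotVerified(Exception):
    """Raised when a service is requested for an address whose ownership has not been proven."""


class SignupService:
    """Registration and service delivery gated on proof of control of the email address."""

    def __init__(self, send_mail: Callable[[str, str], None], now: Callable[[], float] = time.time):
        self._accounts: Dict[str, Account] = {}
        self._send_mail = send_mail  # outbound mailer; only the mailbox owner can read what it sends
        self._now = now              # injectable clock so expiry can be tested

    def register(self, email: str) -> Account:
        """Record the claimed address and mail a one-time token to it; deliver nothing yet."""
        token = secrets.token_urlsafe(32)  # unguessable, so a valid token can only come from the mailbox
        account = Account(email=email, pending_token=token,
                          token_expires_at=self._now() + TOKEN_TTL_SECONDS)
        self._accounts[email] = account
        self._send_mail(email, token)
        return account

    def verify(self, email: str, token: str) -> bool:
        """Mark the address verified only if the presented token is the unexpired one we mailed."""
        account = self._accounts.get(email)
        if account is None or account.pending_token is None:
            return False
        if self._now() > account.token_expires_at:
            return False
        if not hmac.compare_digest(account.pending_token, token):  # constant-time comparison
            return False
        account.verified = True
        account.pending_token = None  # single use: a replayed token no longer verifies anything
        return True

    def deliver_service(self, email: str) -> str:
        """The countermeasure from the slide: refuse delivery until the address is verified."""
        account = self._accounts.get(email)
        if account is None or not account.verified:
            raise EmailNotVerified(email)
        return f"service delivered to {email}"


def run_demo() -> Dict[str, object]:
    """Constructed walk-through with an in-memory mailbox standing in for real mail delivery."""
    mailbox: Dict[str, str] = {}
    clock = [1_000_000.0]  # controllable time so expiry can be exercised
    service = SignupService(send_mail=lambda email, token: mailbox.__setitem__(email, token),
                            now=lambda: clock[0])
    results: Dict[str, object] = {}

    service.register("alice@example.com")
    try:  # a registration alone does not entitle the claimant to the service
        service.deliver_service("alice@example.com")
        results["delivered_before_verify"] = True
    except EmailNotVerified:
        results["delivered_before_verify"] = False

    results["wrong_token_accepted"] = service.verify("alice@example.com", "not-the-token")
    results["right_token_accepted"] = service.verify("alice@example.com", mailbox["alice@example.com"])
    results["delivered_after_verify"] = service.deliver_service("alice@example.com")
    results["replay_accepted"] = service.verify("alice@example.com", mailbox["alice@example.com"])

    service.register("bob@example.com")
    clock[0] += TOKEN_TTL_SECONDS + 1  # let bob's token expire before it is used
    results["expired_token_accepted"] = service.verify("bob@example.com", mailbox["bob@example.com"])
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The three properties that make the countermeasure hold are visible in `verify()`: the token is generated with `secrets`, so it cannot be predicted by someone who does not control the mailbox; it is compared with `hmac.compare_digest`, so a mismatch does not leak timing information; and it is cleared on first use and expires after the TTL, so a captured or stale token cannot be replayed later.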