To keep up with the tradition, a short recap of my day at SecAppDev. Today I followed a threat modeling workshop “Whiteboard hacking (aka hands-on threat modeling)” given by Seba Deleersnyder and Thomas Heyman.
This workshop was full of best practices that I was looking to apply in my day job. As the title promises, it was very hands-on, and both trainers are really knowledgeable.
Some of the many important takeaways for me:
- Start with a short session to create a top 3 of Doomsday scenarios. Make sure someone who understands the business value is involved (for instance the product owner). It’s important to define the impact of these scenarios in such a way that the technical risk is translated into the corresponding business risk. As an example: when we suffer a data breach, we might get a GDPR fine, reputational damage and customer loss.
- There are often a lot of vulnerabilities identified during threat modeling. The Doomsday scenarios are really helpful to prioritize them. We should focus on vulnerabilities that might lead to a Doomsday scenario, whereas the ones that don’t should be given a lower priority to fix.
- Start with a context model to understand the business and tech context and determine what the most important use cases are. Who or what interacts with this application?
- Create a data flow diagram.
- Identify and prioritize trust boundaries.
- Create a threat table for the trust boundaries. This table contains the STRIDE analysis of all data flow diagram elements that cross a trust boundary.
- Document the non-mitigated threats, or even better, make sure they are added to the bug tracking system or the backlog of the application.
- Always list the assumptions you have made.
- The final outcome, the (potential) vulnerabilities, is important. The tools are just a means and must support you in doing the job in the most efficient way.
- And many more…
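The steps above (data flow diagram, trust boundaries, threat table, Doomsday prioritization, backlog of non-mitigated threats) can be sketched in a few lines of Python. This is an added example, not material from the workshop: the element names, trust zones and scenario links are constructed sample data, and the STRIDE-per-element applicability map is an assumption based on the commonly used chart.

```python
# Added illustration; element names, zones and scenario links are constructed sample data.
from dataclasses import dataclass

# Which STRIDE letters apply to which element kind (assumption: the common per-element chart).
APPLICABLE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external | process | store
    zone: str   # trust zone the element lives in

@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

def crossing_flows(flows):
    """Flows whose endpoints sit in different trust zones cross a trust boundary."""
    return [f for f in flows if f.src.zone != f.dst.zone]

def threat_table(flows, doomsday_links, mitigated):
    """One row per (element, STRIDE letter) for each crossing flow and its endpoints.
    Rows linked to a Doomsday scenario sort first."""
    rows = {}
    for f in crossing_flows(flows):
        for name, kind in ((f.name, "flow"), (f.src.name, f.src.kind), (f.dst.name, f.dst.kind)):
            for letter in APPLICABLE[kind]:
                key = (name, letter)
                rows[key] = {"element": name, "threat": letter,
                             "doomsday": doomsday_links.get(key),
                             "mitigated": key in mitigated}
    return sorted(rows.values(), key=lambda r: (r["doomsday"] is None, r["element"], r["threat"]))

def backlog(table):
    """Non-mitigated threats to record in the bug tracker, Doomsday-linked ones first."""
    return [r for r in table if not r["mitigated"]]

# Constructed sample DFD: three trust zones, one flow that stays inside a zone.
user = Element("Customer", "external", "internet")
web = Element("Web app", "process", "dmz")
db = Element("Customer DB", "store", "internal")
audit = Element("Audit log", "store", "internal")
FLOWS = [Flow("login request", user, web), Flow("SQL query", web, db), Flow("log write", db, audit)]
LINKS = {("SQL query", "I"): "Data breach", ("Customer DB", "I"): "Data breach"}
TABLE = threat_table(FLOWS, LINKS, mitigated={("login request", "T")})
```

The `log write` flow stays inside one trust zone, so neither it nor the audit log appears in the table; the two information-disclosure rows tied to the "Data breach" scenario sort to the top.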
Read more about SecAppDev 2019 day 4.