My First Threat Model

According to securityintelligence.com, threat modeling is the practice of identifying and prioritizing potential threats and security mitigations to protect something of value, such as confidential data or intellectual property.

Threat Modeling Process

1. Identify security objectives

2. Application Overview

3. Decomposing the application

4. Threat identification

5. Identify vulnerabilities 

I am following along closely with a threat modeling course on Pluralsight. I have provided the link below. I am using the Microsoft Threat Modeling Tool.

This is what the tool looks like when you first install it. I will be focusing on creating a threat model. First, I clicked on create a model.

This is what the design view looks like. The possibilities are endless when creating a threat model.

I created a threat model based on a web application. Data flows from the database to the web application and then through the firewall. The user uses the internet browser to access the web application through HTTPS. One threat identified already is the web application communicating with the Windows Firewall through HTTP.

The trust boundary is just there to separate the two different sets of processes. In this case, it separates internal and external processes.
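The same diagram can be written down as data and checked in a few lines. This is an added example, not part of the original post or of the Microsoft Threat Modeling Tool. The zone placement of each element, the undocumented database protocol, and the names `Flow`, `review` and `boundary_crossings` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

CLEARTEXT = {"HTTP", "FTP", "TELNET"}  # protocols with no transport encryption

@dataclass(frozen=True)
class Flow:
    source: str
    target: str
    protocol: Optional[str]  # None = protocol not documented in the model

# Constructed from the post's description. Zone placement is an assumption:
# the post only says the boundary separates internal from external.
ZONES = {
    "Browser": "external",
    "Web Application": "internal",
    "Database": "internal",
    "Windows Firewall": "internal",
}
FLOWS = [
    Flow("Database", "Web Application", None),  # protocol not stated in the post
    Flow("Web Application", "Windows Firewall", "HTTP"),
    Flow("Browser", "Web Application", "HTTPS"),
]

def review(flows, zones):
    """Return (flow, issue) pairs for data flows that need attention."""
    findings = []
    for f in flows:
        for name in (f.source, f.target):
            if name not in zones:
                raise ValueError(f"flow references unknown element: {name}")
        crosses = zones[f.source] != zones[f.target]
        if f.protocol is None:
            findings.append((f, "protocol not documented"))
        elif f.protocol.upper() in CLEARTEXT:
            where = "across the trust boundary" if crosses else "inside one zone"
            findings.append((f, f"cleartext {f.protocol} {where}"))
    return findings

def boundary_crossings(flows, zones):
    """Return the flows whose endpoints sit in different zones."""
    return [f for f in flows if zones[f.source] != zones[f.target]]

if __name__ == "__main__":
    for flow, issue in review(FLOWS, ZONES):
        print(f"{flow.source} -> {flow.target}: {issue}")
```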

Threat models can be a great visual representation of applications. This helps to identify threats easily.

Link to Pluralsight course: https://app.pluralsight.com/library/courses/threat-modeling-with-microsoft-threat-modeling-tool-2016/table-of-contents

This was fun to make and a great learning experience. 

Thanks for visiting my blog!
