
What exactly is STRIDE threat modelling?

Today's cybercriminals are ever more creative in their tactics, mounting massive cyber attacks with techniques such as hacking into suppliers to obtain access to their clients, or exploiting weaknesses in an application's code to target an organization.

As a result, developers have to be more aware of threats than ever before when developing their apps and products. But with so many new threats, how can they ensure they've considered every aspect?

This is where a framework like STRIDE threat modeling can be helpful. STRIDE threat modeling helps organizations and developers recognize cybersecurity risks to their application, prioritize them according to their impact and probability, and integrate mitigations into their secure software development lifecycle (SSDLC).

What exactly is STRIDE threat modelling?

STRIDE is a threat modelling technique based on six categories of threat to software. STRIDE is an acronym for the threat categories it addresses: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

The STRIDE threat model was devised around 1999 by security researchers at Microsoft. While STRIDE threat modeling can be useful for businesses by itself, it is also an integral part of a wider process that gives security professionals an effective approach to identifying threats and tackling them: formulating security requirements, constructing an application diagram that identifies threats, managing risks, and verifying that risks have been eliminated.

The six threat categories in the STRIDE threat modelling framework each focus on a different aspect of an application's security. The framework encourages developers to consider risks that could affect the entire app or system, and the ways they can defend against them, from the beginning of the design process.

The six components of STRIDE threat modelling are:

Spoofing

Spoofing attacks occur when attackers disguise themselves to impersonate a trusted entity and gain access to information or data from the user. Spoofing usually employs social engineering to persuade users to provide details such as usernames and passwords. Once attackers have this information, they use it to get access to an application and from there spread malware to the network.

Spoofing attacks can include cookie replay, session hijacking and cross-site request forgery (CSRF) attacks.

Since spoofing is a threat against user authentication, the most effective protection is to use secure methods of user authentication, which include both strong password requirements and multi-factor authentication (MFA).

Tampering

Tampering is the deliberate modification of a system to change its behaviour. Attackers try to compromise applications by altering parameters or code to change the application's data, such as user credentials, permissions, and other important components of the application.

Tampering attacks like cross-site scripting (XSS) and SQL injection can compromise the security of the program. To protect against tampering attacks, the application should be designed to validate user inputs and encode outputs. Static code analysis should be used to detect potential tampering vulnerabilities in the application, both in the development phase and after the application is operational.

Repudiation

Repudiation attacks target the legitimacy and integrity of the actions performed in the application. They rely on an absence of controls that effectively track and log user actions. Attackers use this weakness to alter the identity attached to new, unauthorised actions, erase logs or write wrong information into log files, and deny having performed actions or received services (for instance, to commit fraud).

Developers can build in non-repudiation, the guarantee that no one can dispute the validity of an action, by using digital signatures within the application, which offer proof of an action, or by ensuring there are complete, tamper-proof logs on file.
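
An added example, not code from the original article: a hash-chained audit log in which each record carries an HMAC over its own content and the previous record's MAC, so edits and deletions are detected on verification. It uses a shared-key HMAC in place of the digital signatures mentioned above, which makes the log tamper-evident but does not prove authorship to a third party; the key, field names and sample entries are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: in practice this key is held only by the logging service.
KEY = b"demo-key-constructed"
GENESIS = "0" * 64  # MAC value that stands in for "no previous record"


def _mac(prev_mac, entry):
    """HMAC over the previous record's MAC plus this entry's canonical JSON."""
    payload = prev_mac.encode() + json.dumps(entry, sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()


def append(log, user, action):
    """Add a record that is chained to the one before it."""
    prev = log[-1]["mac"] if log else GENESIS
    entry = {"seq": len(log), "user": user, "action": action}
    log.append({**entry, "mac": _mac(prev, entry)})


def verify(log):
    """Return the index of the first bad record, or None if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        entry = {k: rec[k] for k in ("seq", "user", "action")}
        expected = _mac(prev, entry)
        if rec["seq"] != i or not hmac.compare_digest(rec["mac"], expected):
            return i
        prev = rec["mac"]
    return None


def sample_log():
    """Three constructed audit records."""
    log = []
    append(log, "alice", "login")
    append(log, "alice", "transfer 500 to bob")
    append(log, "alice", "logout")
    return log


if __name__ == "__main__":
    log = sample_log()
    print("intact:", verify(log))
    log[1]["user"] = "mallory"  # rewrite who performed the action
    print("first bad record after edit:", verify(log))
```

Truncating records from the end is not detected by the chain alone; the latest MAC has to be stored somewhere the log writer cannot alter.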

Information disclosure

Information disclosure occurs when an application divulges details about itself that attackers could use to attack the system.

Information disclosure can come from developer comments left in the application, from source code that exposes parameters, or from error messages that include excessive detail, revealing details about users, confidential business or commercial data, and technical information about the application's infrastructure.

Attackers then use this information to get access to the app and collect details about customers. It could be used to commit further crimes, or to gain privileges that allow access to the most sensitive areas of the application.

Developers are at the center of preventing information disclosure vulnerabilities within the application:

Response headers, error messages and background information must be as general as possible, so that they don't reveal details about the behavior of the application.
Properly managed authorisation and access controls must be in place to block unauthorised access to data.
The application itself must be inspected from a user's perspective to confirm that developer comments and other information aren't visible inside the development environment.

Denial of service

Denial-of-service (DoS) attacks overwhelm the target with traffic, triggering a crash and shutting it off to legitimate traffic. DoS attacks usually cost time and money; however, they don't cause harm to the victims. The most common type of DoS attack is the buffer overflow attack, which simply sends too much traffic to the program. Others exploit weaknesses that cause systems to crash.

DoS attacks can affect the network layer as well as the application layer. Applications can be protected from DoS attacks by configuring firewalls to block traffic from specific sources, such as loopback, reserved and private IP addresses or unassigned DHCP clients, or by introducing rate limiting to control the flow of traffic.
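
The two mitigations above combined in one admission check, as an added example that is not part of the original article: a source-address filter followed by a per-client token-bucket rate limiter. It assumes an internet-facing service where loopback, private and reserved source addresses are never legitimate; the class name, function name, limits and sample addresses are constructed.

```python
import ipaddress


class TokenBucketLimiter:
    """Each client may burst up to `burst` requests, refilled at `rate` per second."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.buckets = {}  # client -> (tokens left, time of last request)

    def allow(self, client, now):
        tokens, last = self.buckets.get(client, (self.burst, now))
        # Refill for the time elapsed since the last request, capped at the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[client] = (tokens - 1 if allowed else tokens, now)
        return allowed


def admit(limiter, src, now):
    """Return 'drop', 'rate-limited' or 'allow' for a request from address `src`."""
    ip = ipaddress.ip_address(src)
    # Assumption: the service faces the internet, so these sources are never valid.
    if ip.is_loopback or ip.is_private or ip.is_reserved:
        return "drop"
    return "allow" if limiter.allow(src, now) else "rate-limited"


if __name__ == "__main__":
    limiter = TokenBucketLimiter(rate=1.0, burst=3)
    # Constructed sample traffic: (source address, arrival time in seconds).
    traffic = [("10.0.0.5", 0.0), ("127.0.0.1", 0.0), ("8.8.8.8", 0.0),
               ("8.8.8.8", 0.1), ("8.8.8.8", 0.2), ("8.8.8.8", 0.3),
               ("8.8.8.8", 5.0)]
    for src, t in traffic:
        print(f"{t:>4} {src:<10} {admit(limiter, src, t)}")
```

The bucket table grows with the number of distinct clients, so a deployment also needs to expire idle entries.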

Escalation of privilege

Escalation of privilege attacks exploit weaknesses and misconfigurations in applications to obtain elevated or restricted privileges. They can target authentication and credential processes, exploit vulnerabilities in design and code or configuration errors, or use malware or social engineering techniques to gain access.

Protection against escalation of privilege should be built into the application from the beginning of development. This means managing the identity lifecycle and enforcing the principle of least privilege for all users, while also hardening systems and applications by changing configurations, removing unneeded rights and access, closing ports, and more.

The advantages of STRIDE threat modeling

Avoid vulnerabilities in the early stages

Many methods of identifying weaknesses (static code analysis, vulnerability testing, bug bounties and others) become relevant only after all or part of the application is developed. However, it's less expensive and simpler to fix vulnerabilities during the development phase than once a vulnerability is present in the live product.

STRIDE threat modelling is a development-based method of analysing the risks that could affect an application. STRIDE can provide a checklist for a secure software development lifecycle, helping developers identify possible weaknesses earlier, when they're cheaper and easier to mitigate or fix.

Make sure you are taking a security-first approach

STRIDE threat modelling is threat-based, which encourages developers to consider how each threat might affect various parts of the software. It also challenges assumptions, forcing developers and security teams to question the assumptions they have made and test their validity and security.

The results of a STRIDE threat modeling exercise can be fed into a DREAD risk assessment model (Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability) to determine the potential effects of each risk and identify vulnerabilities that require remediation.

STRIDE threat modeling can be performed repeatedly

STRIDE threat modeling is not a one-time exercise.

STRIDE is a framework that lets you conduct threat modelling exercises at periodic intervals, allowing security teams to stay abreast of the ever-changing threat landscape and to ensure that the security measures put in place stand up to both new and older threats.

STRIDE threat modelling is an integral part of a larger cybersecurity program

Developing secure systems and applications and protecting them from hackers requires a comprehensive cybersecurity risk management program, which includes protecting infrastructure and other tasks such as regularly checking the security of software and systems with penetration tests.

STRIDE threat modeling provides one of these elements, helping developers build secure development practices into the development of software and other systems. Threat modelling by itself is not enough to ensure your application's security, but it gives you a solid foundation at the beginning of the entire process.