See it in action
Threat modeling enables informed decision-making about application security risks. In addition to producing a model, typical threat modeling also creates a prioritized list of security improvements to the concept, requirements, design, or implementation of an application.
Like what you see?
Speak to one of our threat modeling specialists - on-hand to answer all of your questions from what threat modeling is, to how to scale.
Explore your current application security plans and assess how threat modeling, or the scalable automation of secure design, will benefit your organization specifically. We're here to help you on your journey.
An introduction to Threat Modeling
In the OWASP definition, Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value. A threat model is a structured representation of all the information that affects the security of an application. In essence, it is a view of the application and its environment through the lens of security. Threat modeling can be applied to a wide range of things, including software, applications, systems, networks, distributed systems, Internet of Things (IoT) devices, and business processes. A threat model typically includes:
- Description of the subject to be modeled
- Assumptions that can be checked or challenged in the future as the threat landscape changes
- Potential threats to the system
- Actions that can be taken to mitigate each threat
- A way of validating the model and threats, and verification of success of actions taken
What is the four question framework?
At the heart of threat modeling is collaboration and communication between architecture/design, development, security, and operations teams. Working together as cross-discipline teams will encourage a common language and process to develop secure software and systems. There are many threat modeling methodologies, but most can be encapsulated through four key questions articulated by Adam Shostack, a leading expert on threat modeling and a Technical Advisory Board Member for IriusRisk:
- What are we building? This step is primarily about assessing the scope of what we are building and drawing out a diagram using drag and drop components, powered by our embedded draw.io diagramming tool, or answer our embedded questionnaires to define your application architecture
- What can go wrong? During this step IriusRisk uses its built-in security standards libraries to generate a list of the threats to the various components within your application. All of the threats are already linked to their appropriate countermeasures - so it can tell you instantly what you need to do to fix the problems
- What are we going to do about that? In this step we Assess your threats and countermeasures: With IriusRisk you can instantly see real-time threat scores on your applications' threat models, and quickly generate reports. You can review this output and choose to accept or reject a countermeasure, based on the level of risk it presents to your business. The established countermeasures are then synced with your development team's issue tracker, such as Jira Cloud and Server, ServiceNow, Microsoft TFS, and Azure DevOps
- Did we do a good enough job? And finally, the two way sync between IriusRisk and your issue tracker will enable an always-on, real-time view of your progress and the risk ratings associated with your app. Developers get countermeasures inserted directly into their workflow without ever needing to leave the IriusRisk platform.