Cyber attackers today are ever more innovative in their tactics to create large-scale cyber attacks using techniques such as hacking into suppliers obtain access for their clients or exploiting weaknesses in the code of an application to target an organization.
Therefore developers have to be more aware of threats in the creation of their apps and products. With so many fresh and new threats how can they ensure that they’ve thought of all the possibilities?
A framework like STRIDE threat modelling can assist. STRIDE threat modelling helps companies and developers to spot cybersecurity risks to their application and prioritise them in accordance with their impact and probability and incorporate mitigations within their security software development process (SSDLC).
What exactly is STRIDE threat modelling?
The STRIDE threat modeling is a threat modeling technique built on six typical threats that attack software. STRIDE is an acronym that refers to each threat category it addresses Spoofing, Tampering Repudiation, Information disclosure denial of service, and elevation of privilege.
The STRIDE threat model was devised at the end of 1999 by security experts from Microsoft. While STRIDE threat modeling is beneficial for organizations by itself, it also part of a larger methodology that gives security teams a an effective approach to identifying threats and tackling the threat by setting security requirements, creating an application diagram that identifies threats, managing threats, and confirming the fact that risks have been eliminated.
The six threat groups that are considered within the STRIDE threat modelling framework are focused on various elements of security in an application. It encourages developers to consider the risks that could be affecting the entire app or system as well as the methods they can defend against them in the initial stages to the design process.
The six components of STRIDE threat modelling include:
Spoofing
Spoofing is a type of attack where attackers disguise their identity in order to successfully impersonate a trusted entity and gain access to crucial information or data from the user. Spoofing typically employs social engineering to persuade users to provide details such as usernames and passwords. Once they have access to the data hackers will then utilize this information to access the app and then from then attack the network.
Spoofing attacks can include cookies replay , hijacking sessions and cross-site request forgery (CSRF) attacks.
Since spoofing is a form of attack on authentication for users The best method of defense is to adopt security-based methods of authentication for users which include both secure password requirements as well as Multi-factor authentication (MFA).
Tampering
Tampering refers to the deliberate alteration of a system to alter its behaviour. Attackers try to hack applications by altering parameters or code to alter the data of an application, like user credentials, permissions, as well as other important elements of the application.
Tampering attacks, such as Cross Site Scripting (XSS) and SQL injection compromise the integrity and security of an application. To protect against tampering attacks, the application should be designed to check user inputs and encode outputs. Static code analysis must be utilized to detect potential vulnerabilities to tampering with the application at both the development phase and after the application is operational.
Repudiation
Repudiation attacks are an attack on the authenticity and integrity of actions taken on the application. Repudiation attacks exploit the absence of security controls that accurately track and record user actions. They use this inability to manipulate or alter the identity of illegal, new actions, erase logs or write the wrong information into log files, and refuse to perform actions or receive services (for instance, for example, to commit fraud).
Developers can construct non-repudiation which is the assurance that no one can doubt the validity of an action by including digital signatures into the application that provide evidence of an action or by ensuring there are complete, tamper-proof logs on file.
Information disclosure
Information disclosure occurs when an application intentionally divulges details about the application which could be used by hackers to attack the system.
Information disclosure may result from developer comments which are included within the application, or from source code that contains details about parameters, or from errors that include too many details, divulging details about users, confidential business or commercial data as well as technical information about the application’s infrastructure and.
The information could be used by attackers to get users to access the app to gather data about the customers. This could later be used for other crimes, or to gain access privileges, which can allow access to the more sensitive parts of the application.
Developers are at the forefront of preventing vulnerability to disclosure of information within the application
The error messages and response headers and background information must be as broad as possible so as to not reveal any details about the behavior of the application.
Authorisations and access controls that are properly controlled must be in the place to block unauthorised access to data.
The application should be inspected from a user’s perspective to ensure that comments from developers and other data are not visible within the application’s production environments.
Service denial
The Denial of Service (DoS) attacks overwhelm the target with traffic, leading to crashes, and then closing it off to legitimate traffic. DoS attacks usually consume time and money however they do not cause any harm to the victims. The most commonly used form that is a DoS attack is buffer overflow, which simply transmits too much data towards the program. Others exploit weaknesses in systems, causing them to crash.
DoS attacks may target the network layer and the layer that runs on the application. Applications can be secured from DoS attacks by setting firewalls to prevent traffic from specific sources, such as loopbacks, reserved as well as private IP addresses or DCHPDHCP clients not assigned or by introducing rate-limiting to control the flow of traffic.
Escalation of privilege
Attacks that exploit vulnerabilities and improper configurations within applications to obtain access to privileges or elevated rights. The attacks can be able to exploit authentication and credentialing processes, or compromise weaknesses in design and code and exploit misconfigurations or malware Social engineering in order to access information.
Security against escalation in privilege must be integrated into the application during the stage of development. This should include managing the lifecycle of identity and ensuring the principle of the least privilege for all users as well as hardening applications and systems by making changes to configurations, removing unneeded rights and accession, closing port and many more.
The advantages of STRIDE threat modeling
Be aware of weaknesses in the beginning
A lot of the methods to identify vulnerabilities (static code analysis bugs bounties, penetration tests and others) are used once all or the application is developed. However, it’s less expensive and simpler to fix vulnerabilities during the development phase as opposed to once flaws are present in the actual product.
The STRIDE threat model is a method for development-focused analysing the risks that could affect an application. It can be used to create a checklist to ensure an effective software development lifecycle aiding developers in identifying vulnerabilities early, when they’re less expensive and simpler to eliminate or fix.
Make sure you are taking a security-first approach
Threat modelling in STRIDE is based on threats, which encourages developers to consider how each threat that are being considered could affect different components that comprise the app. Additionally it challenges assumptions forcing developers and security groups question the assumptions they have made and verify their reliability and security.
The results of the STRIDE threat modeling exercise can be incorporated into an DREAD models for risk assessments (Damage possibility, Reproducibility Exploitability, Affected Users as well as Discoverability) to determine the potential effects of each risk and identify vulnerabilities that require remediation.
The threat modeling STRIDE can be performed repeatedly
The threat modeling of STRIDE is not ever.
Threat modelling with STRIDE is a framework that lets you conduct threats to be modelled at regular intervals that allow security personnel to stay on top of the ever-changing threat landscape and to make sure that the security measures that are in place can stand up to both new and older threats.
The threat modeling of STRIDE is a part of a larger cybersecurity program.
Making secure systems and applications and securing them requires a broad cybersecurity risk management plan that includes infrastructure protections as well as other aspects like conducting security tests on the applications and systems frequently with penetration tests.
The threat model in STRIDE is one of these features helping developers implement secure development practices into the development of software and other systems. Threat modelling by itself is not enough to protect your application however it can provide an excellent foundation at the beginning in the development process.
© Denbight ICT All Rights Reserved