Threat Modeling in Architecture Design and Pen-Testing

Javid Chizari

12/7/2022 · 2 min read

Threat modeling is an enhanced and structured methodology to identify and illustrate an organization's potential threats and vulnerabilities, apply countermeasures, and facilitate optimized security. To perform threat modeling for an organization, we need a comprehensive picture and a deeper understanding of its systems, services, processes, business models, and operations, which is usually achieved in a few steps such as:

  • Identifying the organizational assets, recognizing the level of their value for the organization, and categorizing them

  • Identifying the assets' exposure, attack surface, and vulnerabilities

  • Identifying threats and attack vectors

  • Planning mitigation and prevention

Threat modeling produces a systematic process with unquestionable advantages for the security posture and maturity of any organization: it reduces the attack surface, highlights threats and mitigation methods and prioritizes them based on the organization's priorities, and helps with designing incident response and recovery plans.

The Common Vulnerability Scoring System (CVSS) is one of the threat modeling methodologies or frameworks that acts as a vulnerability metric system. CVSS categorizes the attributes and the gravity or severity of vulnerabilities and produces standardized numerical scores (from 0 to 10) to indicate the likelihood of the impact of each vulnerability on the organization. A CVSS score contains three sets of metrics: basic, temporal, and environmental. CVSS has introduced its third version (V3) to address some of the previous versions' flaws and better serve the cybersecurity landscape.

While threat modeling is proven to be crucial for a healthy security posture, there are still some common misconceptions about employing this methodology, such as: that pen-testing and code review could replace it, or that applying threat modeling after deployment isn't necessary. On the opposite side, some might think that threat modeling alone is enough to secure the system and that additional measures aren't required.

The misconception about pen-testing and threat modeling calls for closer attention to this issue, to the differences between the two, and to the benefit of employing both methods to construct a better security posture.

Threat modeling applies security measures from the start, in the design phase, to avoid or manage flaws at the early steps, while pen-testing is used later, during the development and staging phase, to test the developed applications and their resilience. So, for a strong and healthy security posture, we need to employ both to complete a comprehensive security practice.
