Bridging The Security Gap
So here I am, only two months in to my new job: Security Consultant. Apart from the fact I really like my job and have tons of fun there’s also the fact that I’m attending BruCon2014 as a part of my job now. This makes my job even cooler. I get to go visit Gent for interesting talks about security related subjects. This Friday started off with an interesting talk about “threat modeling”.
I’ve never really thought about it, but the topic is really interesting: Developers and software architects should think of threats incriminating their project in advance. The cool thing I learned today is our market tends to shout that threat modeling should be done continuously. It’s a logical thing right? Threats are never the same: once threats have been addressed and mitigated new ones could arise and they should be identified as well.
But with this approach you’re never done. What triggered me most is that Adam Shostack explained this method doesn’t work. People are not looking for an endless loop of continuous threat modeling. In fact, the best way to get threat modeling going is to start with a linear process once the development of new software starts. In this way threat modeling becomes manageable, planable and doable.
In addition I got introduced to the STRIDE framework. Microsoft has designed a framework to analyze threats. The STRIDE framework stands for: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of service and Elevation of Privilege. This framework provides a handle to create a threat model in such a way that you’ll cover the risks an application or software project might come across.
These two bits of knowledge simplify threat modeling quite a bit. Every project can take the STRIDE framework of the beginning of a development project and create an overview of threats that might occur. This is just one the cool presentations that I got to see at BruCon2014. There were many more, I recommend visiting BruCon if you’re interested in security!