When should threat modeling take place in the SDLC?

So, your firm has one or two, maybe tens, or even hundreds of applications built and deployed. And now you want to create threat models for those applications. But, why? Let’s find out.

Why create application threat models?

To identify potential flaws that have been present since those applications were created. And then there are the new applications that your development teams are building as we speak; you’ll want to create threat models for these as well.

Threat modeling identifies risks and flaws affecting an application, no matter how old or new that application is. Conducting a thorough analysis of the software architecture, business context, and artifacts such as functional specifications and user documentation allows your firm to discover important security- and quality-related issues.

The threat modeling process offers a strategic practice by which you can think about a system’s characteristics. It also provides visibility into weaknesses that may affect not only the application, but potentially the entire organization.

When should threat modeling take place in the SDLC?

Creating a threat model can take several weeks. The way in which the team conducting the threat model looks for flaws may require adjustment based on the SDLC methodology in use within your firm. No matter what methodology you utilize, you can’t neglect identifying and resolving design flaws.

In order to identify and resolve those flaws, you must understand that there are five primary activities that make up a threat model:

  1. Defining the scope and depth of the analysis.
  2. Gaining an understanding of what you’re threat modeling.
  3. Modeling the attack possibilities.
  4. Interpreting the threat model.
  5. Creating a traceability matrix to record missing or weak controls.

Explore each of these five threat modeling pillars in more depth.
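The last of the five activities, the traceability matrix, is the artifact that turns the threat model into an actionable record: each threat identified during attack modeling is traced to the control expected to mitigate it, and the observed state of that control is written down. The following script is an added illustration of such a matrix, not code from the original post or from any vendor tool; the threats, controls, evidence strings and STRIDE-style categories are constructed sample data for a hypothetical web application, and the `ControlState` values are an assumed three-level scale (present, weak, missing). A threat with no control recorded at all is treated as a missing control rather than silently dropped.

```python
"""Traceability matrix for a threat model (added illustration).

Maps each identified threat to the control(s) expected to mitigate it and
records the observed state of each control, so that missing or weak
controls surface as explicit findings. All threats, controls and states
below are constructed sample data for a hypothetical web application.
"""
from dataclasses import dataclass
from enum import Enum


class ControlState(Enum):
    PRESENT = "present"   # implemented and verified by the reviewer
    WEAK = "weak"         # implemented but insufficient or unverified
    MISSING = "missing"   # no control found for this threat


@dataclass(frozen=True)
class Threat:
    tid: str
    category: str         # e.g. a STRIDE category
    asset: str
    description: str


@dataclass(frozen=True)
class ControlObservation:
    threat_id: str
    control: str
    state: ControlState
    evidence: str = ""    # where the reviewer looked (doc, code, config)


# Constructed sample: threats produced by the attack-modeling step
THREATS = [
    Threat("T1", "Spoofing", "login endpoint", "Credential stuffing against /login"),
    Threat("T2", "Tampering", "order service", "Client-side price modification"),
    Threat("T3", "Information disclosure", "reports DB", "Export of PII in reports"),
    Threat("T4", "Elevation of privilege", "admin API", "Non-admin reaching /admin routes"),
    Threat("T5", "Denial of service", "search endpoint", "Unbounded wildcard search"),
]

# Constructed sample: what the reviewer found for each threat (T5 has no entry)
OBSERVATIONS = [
    ControlObservation("T1", "rate limiting + MFA", ControlState.WEAK, "MFA optional per user"),
    ControlObservation("T2", "server-side price recomputation", ControlState.PRESENT, "order_service.py"),
    ControlObservation("T3", "field-level encryption", ControlState.MISSING),
    ControlObservation("T4", "role check on admin routes", ControlState.WEAK, "checked in UI only"),
]


def build_matrix(threats, observations):
    """One row per (threat, control); a threat with no recorded control is MISSING."""
    by_threat = {}
    for obs in observations:
        by_threat.setdefault(obs.threat_id, []).append(obs)
    rows = []
    for t in threats:
        obs_list = by_threat.get(t.tid)
        if not obs_list:
            rows.append({"threat": t.tid, "category": t.category, "asset": t.asset,
                         "control": "(none recorded)", "state": ControlState.MISSING,
                         "evidence": ""})
            continue
        for obs in obs_list:
            rows.append({"threat": t.tid, "category": t.category, "asset": t.asset,
                         "control": obs.control, "state": obs.state,
                         "evidence": obs.evidence})
    return rows


def gaps(rows):
    """Threat ids whose controls are weak or missing, in matrix order, deduplicated."""
    seen = []
    for r in rows:
        if r["state"] is not ControlState.PRESENT and r["threat"] not in seen:
            seen.append(r["threat"])
    return seen


def render(rows):
    """Plain-text table suitable for pasting into a findings report."""
    header = f"{'Threat':<7}{'Category':<24}{'Asset':<16}{'Control':<32}{'State':<9}Evidence"
    lines = [header, "-" * len(header)]
    for r in rows:
        lines.append(f"{r['threat']:<7}{r['category']:<24}{r['asset']:<16}"
                     f"{r['control']:<32}{r['state'].value:<9}{r['evidence']}")
    return "\n".join(lines)


if __name__ == "__main__":
    matrix = build_matrix(THREATS, OBSERVATIONS)
    print(render(matrix))
    print("\nFollow-up required for:", ", ".join(gaps(matrix)))
```

Keeping the evidence column is the point of the exercise: when the same application is re-assessed later in its support cycle, the reviewer can see what was checked last time, and which weak or missing entries were accepted as risk versus fixed.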

In an ideal scenario, threat modeling should take place as soon as the architecture is in place. However, not all scenarios are ideal. No matter when you end up performing the threat model, understand that the cost of resolving issues generally increases further along in the SDLC.

The earlier you’re able to identify potential attacks and squash those vulnerabilities, the more time- and cost-efficient those resolutions will be. Remember, it’s better to build security in than it is to bolt security on. But, again, not all scenarios are ideal, and not all applications undergo a threat modeling assessment during their development. Don’t worry, not all hope is lost.

While threat modeling should take place as early as possible, it’s still a very useful activity no matter how close an application is to deployment or how long it has been in production. While an app may have reached the end of its development cycle, you can still pick up threat modeling within the support cycle.

Threat modeling offers perspective on potential flaws in the system. A thorough assessment informs your organization about the current design-level security stance of an application. Therefore, through threat modeling, you’re able to make an informed decision about whether to invest further in that system.

Learn about tactical threat modeling in SAFECode’s latest whitepaper.