Better decision-making for a more streamlined software development lifecycle
Threat modelling plays a vital role in identifying attack surfaces and entry points in the critical early stages of developing a secure software development lifecycle (SDLC). It is also often less costly when undertaken early rather than at later stages, because remediation costs are minimal.
Kroll leverages a flexible framework that combines advanced tooling with seasoned intelligence. Our approach combines two complementary processes supported by a defined methodology, guiding resources, standard operating procedures and tools. By achieving a balance of accessibility, scalability and agility, we ensure that rather than being an obstacle, threat modelling is an enabler in your application development lifecycle.
What is threat modelling?
Threat modelling involves the analysis of an application to identify and mitigate potential design and/or implementation weaknesses to assess how best to protect it. Application threat modelling allows organisations to locate potential weaknesses within a system and find design and implementation issues that require mitigation.
Our threat modelling framework enables developers to undertake application threat modelling with the guidance of a complete knowledge-base of templates, standards, common vulnerabilities, security controls and process documentation. By utilising a wide range of tooling, teams can achieve reliable coverage of common vulnerabilities and more easily verify threat mitigation.
Our application threat modelling program
There is no one ‘right’ approach to threat modelling. The best strategy for your organisation is the one that works, is consistently used throughout your organisation and supports improvements to enhance your security posture.
However, because the effective and timely analysis of threats demands time and effort, Kroll’s approach to defining and implementing application threat modelling programs makes it easier for teams to adopt threat modelling, view results and implement improvements. Our program is made up of three essential components, as defined below.
Threat modelling framework
The application threat modelling framework is the foundation of our threat modelling program, defining core concepts and terminology. It is also a central resource for our internal threat modelling knowledge base, training materials, tools, templates and guides.
Abuse case and business logic
This process focuses on identifying threats, weaknesses and vulnerabilities unique to the application that cannot be identified using automation. It provides the depth required to uncover potential threats in complex business logic scenarios.
Weaknesses and controls
This process is focused on identifying system weaknesses and the controls that will prevent them, with the support of automation. It uses tooling to identify common and accepted guidance, good practices and design patterns early on in the development lifecycle.
By aiming for continuous progress, organisations can better recognise incremental steps forward and reduce the risks of becoming stuck while seeking to meet unattainable standards.
Because automation should increase efficiency and generate value, it is important to assess its impact on related processes.
Value diverse viewpoints
By ensuring your process involves diverse experiences, knowledge and viewpoints, you can benefit from better quality and more wide-ranging insights.
Weaknesses threat modelling will uncover
While systems vary in architecture, features and technology, they have many security-critical aspects in common. The process of locating and addressing threats in each of these areas is based on well-established patterns and best practices. We help to uncover common weaknesses in:
- Configuration and deployment management
- Identity management
- Authentication and authorisation
- Session management
- Input validation
- Error handling
- Client-side security
Frequently asked questions
- What is threat modelling?
Application threat modelling is the visualisation of the attack surface of an application in order to identify threats and vulnerabilities that may pose a risk to its functionality or data. This enables development teams to better understand the types of threats and risks the application might be affected by. Threat modelling should be iterative and cyclical to ensure that the threat model is updated as the application changes.
- What is the goal of threat modelling?
Threat modelling enables development teams to identify and mitigate potential security issues early on in the development process, when they are easier and more cost-effective to address. It helps teams to gain a better understanding of the application’s attack surface and find entry points attackers could utilise to breach it.
- Are dedicated tools and resources required for threat modelling?
The threat modelling process requires the use of specific tools and techniques so that developers and software architects can find potential threats and set up effective controls to detect or resolve threats.
- What is the best way to assess the effectiveness of threat modelling?
The threat modelling process involves creating and reviewing a risk matrix. This helps to determine whether a threat is effectively mitigated. OWASP and other key industry standards offer structured guidance on the threat modelling process and outline how it complements application security.
- What are some additional advantages of application threat modelling?
Added benefits of threat modelling include the ability to evaluate new forms of attack and non-standard types of threats, and maximising budgets through more targeted testing and code reviews.
- Why can’t issues in applications be identified using penetration testing?
While penetration testing provides valuable insight in helping to identify bugs in code, security assessments such as threat modelling are more effective at uncovering design flaws.