Threat Modeling — Easy way

Mehdi Esmaeilpour
4 min read · Feb 10, 2021

Do you run Threat Modeling sessions regularly? Do you have any specific method to do that?

Available Methods

There are several methods for doing Threat Modeling. You can read about 12 available methods here. Each of them was created at a particular time for a specific purpose, but you can use whichever one fits your requirements.

Easy way!

In this article, I’m going to show you a very simple and easy (but effective) method for doing your Threat Modeling. Suppose we are going to Threat Model an application with just one piece of functionality (User Registration). Here is a simple Data Flow Diagram:

Simple diagram

As you can see in the picture, there are 3 parts in our application:

  • Front-End (Sends user-supplied information to back-end)
  • Back-End (Receives information from the front-end and processes it)
  • Database (Stores user data)

The Registration form looks like the following:

Registration form

OK! Now I’m going to model all available threats!

Use Cases

Step 1: Write down all the functionality you expect from the users

Expected behavior

As you can see in the picture above, a normal user who wants to register on the website simply follows the listed steps.

Abuse Cases

Step 2: Now that we have all the expected behavior, let’s try to write down any potential threats.

Threat 1

  • Description: A malicious user tries to send injection payloads in the fields
  • Is Mitigated: Yes
  • Is Bypassable: Currently No (Tested by the internal Penetration Test team)
  • Severity: Critical
  • Mitigation: There are strong input validation checks on both the Front-End and the Back-End
  • Impact: A malicious user can send injection payloads and get access to sensitive data or functionality

Threat 2

  • Description: A malicious user tries to register with someone else’s phone number
  • Is Mitigated: No
  • Is Bypassable: N/A
  • Severity: Medium
  • Mitigation: There should be a phone verification step
  • Impact: Anyone can register with someone else’s phone number (the owner of the phone number then can’t register on the website)

Threat 3

  • Description: A malicious user tries to register with someone else’s email address
  • Is Mitigated: Yes
  • Is Bypassable: Currently No (Tested by the internal Penetration Test team)
  • Severity: Medium
  • Mitigation: There is a reliable email verification step in the sign-up process
  • Impact: Anyone can register with someone else’s email address (the owner of the email address then can’t register on the website)

Threat 4

  • Description: A malicious user tries to send bulk registration requests (he wrote a Python script that sends 1000 registration requests per minute)
  • Is Mitigated: Yes (Captcha)
  • Is Bypassable: Yes (Tested by the internal Penetration Test team)
  • Severity: High
  • Mitigation: Use a reliable captcha (Google reCAPTCHA) and implement it in the correct, recommended way / Have an effective rate limit
  • Impact: A malicious user with a simple Python script can send thousands of user registration requests and consume resources (bandwidth, database and …). This can also lead to DoS or DDoS attacks

Threat 5

  • Description: A malicious user has access to the users’ password hashes and tries to crack the passwords
  • Is Mitigated: Yes
  • Is Bypassable: Yes (Tested by the internal Penetration Test team)
  • Severity: High
  • Mitigation: Define a strong password policy according to the standards (NIST guidelines) / Use recommended hashing algorithms with salt and pepper (Argon2id, bcrypt)
  • Impact: Implementing the registration form without password complexity requirements and without secure, recommended hashing algorithms can lead to exposure of users’ plaintext passwords (in data breach cases)

The threats listed above may not be all the potential threats; I was not trying to write down every one of them here!
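The abuse-case template above can be kept as structured records, so that the open items fall out of the data instead of being re-read from prose. This is an added example, not code from the original article; the class and function names, the shortened descriptions, and the severity ordering (including "Low") are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Ordering is an assumption; the article uses Critical, High and Medium only.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

@dataclass(frozen=True)
class Threat:
    id: int
    description: str
    severity: str
    mitigated: bool
    bypassable: Optional[bool]  # None means N/A: no control exists to test
    mitigation: str

    def status(self) -> str:
        if not self.mitigated:
            return "open: no mitigation in place"
        if self.bypassable:
            return "open: mitigation bypassed in testing"
        return "closed: mitigated, not bypassed at last test"

# The article's five abuse cases, transcribed field by field.
REGISTER = [
    Threat(1, "Injection payloads in form fields", "Critical", True, False, "Input validation"),
    Threat(2, "Someone else's phone number", "Medium", False, None, "Phone verification step"),
    Threat(3, "Someone else's email address", "Medium", True, False, "Email verification step"),
    Threat(4, "Bulk registration by script", "High", True, True, "Captcha and rate limit"),
    Threat(5, "Cracking leaked password hashes", "High", True, True, "Policy, Argon2id/bcrypt"),
]

def validate(register: List[Threat]) -> List[str]:
    """Flag records whose fields contradict each other."""
    errors = []
    for t in register:
        if t.severity not in SEVERITY_RANK:
            errors.append(f"Threat {t.id}: unknown severity {t.severity!r}")
        if t.mitigated == (t.bypassable is None):
            errors.append(f"Threat {t.id}: bypass result does not match mitigation state")
    return errors

def triage(register: List[Threat]) -> List[Threat]:
    """Return threats that still need work, most severe first."""
    todo = [t for t in register if t.status().startswith("open")]
    return sorted(todo, key=lambda t: (SEVERITY_RANK[t.severity], t.id))

if __name__ == "__main__":
    for t in triage(REGISTER):
        print(f"Threat {t.id} [{t.severity}] {t.status()} -> {t.mitigation}")
```

Threat 1 is Critical but drops out of the work list because its control held up under testing, while the Medium-severity Threat 2 stays on it because nothing mitigates it yet.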

Tips

  • In step 1, when you are going to write down all expected behavior, do it alongside the developers and product managers
  • In step 2, when you are going to write down all abuse cases (potential threats), do it alongside the developers, product managers, and security engineers (brainstorming)

Available tools

Do you know any other tools?

Threat Modeling

When you are going to do Threat Modeling, keep in mind the following:

  1. What are we building?
  2. What can go wrong?
  3. What are we going to do about that?
  4. Did we do a good enough job?

I know this is not a standard method for doing threat modeling, but it can help beginners and those who are afraid of threat modeling.

All suggestions are welcome.
