Take a security first approach with STRIDE threat monitoring


Today’s cybercriminals are ever more creative in their tactics, mounting massive cyber attacks with techniques such as hacking into suppliers to obtain access to their clients, or exploiting weaknesses in an application’s code to infiltrate an organisation.

Developers therefore have to be more aware of threats than ever before when developing their apps and products. With so many different and innovative threats, how can they ensure that they’ve thought of all the possibilities?

A framework like STRIDE threat modelling can assist. STRIDE threat modelling helps companies and developers spot security threats to their applications, prioritise them according to their impact and probability, and integrate mitigations into their secure software development lifecycle (SSDLC).

What exactly is STRIDE threat modelling?

STRIDE is a threat modelling technique built on six typical security threats that target software. The name is an acronym of the threat categories it covers: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.

The STRIDE threat model was developed at the end of 1999 by security experts working at Microsoft. While STRIDE threat modelling can be useful for businesses by itself, it is also an integral part of a wider process that gives security teams an efficient method of identifying threats and tackling them by formulating security requirements, constructing an application diagram that identifies threats, managing threats, and confirming that the risks have been eliminated.

The six threat groups in the STRIDE threat modelling framework each concentrate on a different aspect of an application’s security. The framework encourages developers to consider the dangers that could affect the entire software or system, as well as the ways they can defend against them, at the beginning of the development process.

The six components of STRIDE threat modelling are:

Spoofing

Spoofing attacks occur when attackers disguise themselves to impersonate a trusted entity and gain access to crucial information or data from the user. Spoofing typically employs social engineering to persuade users to provide details such as usernames and passwords. Once the attackers have this information, they can use it to access the app, and from there attack the network.

Spoofing attacks can include cookie replay, session hijacking and cross-site request forgery (CSRF) attacks.

Since spoofing is a threat against user authentication, the most effective protection is to use secure methods of user authentication, including secure password requirements and multi-factor authentication (MFA).

Tampering

Tampering refers to the deliberate alteration of a system to change its behaviour. Attackers try to compromise applications by altering parameters or code in order to modify application data such as user credentials, permissions and other important elements of the application.

Tampering attacks, such as cross-site scripting (XSS) and SQL injection, compromise the integrity and security of an application. To guard against tampering attacks, the application should be designed to validate user inputs and encode outputs. Static code analysis must be used to detect potential tampering vulnerabilities in the application, both during the development phase and later when the application has been put into production.

Repudiation

Repudiation attacks are an attack on the legitimacy and integrity of actions taken on the application. They exploit an absence of controls to effectively track and log user actions, and use this weakness to alter or forge the identification of new, illegal actions, to remove logs or write incorrect data into log files, and to deny having performed actions or received services (for example, in the case of fraud).

Developers can build in non-repudiation, which is the assurance that no one can dispute the validity of an action, by using digital signatures within the application that provide evidence of the actions taken, or by ensuring there are complete, tamper-proof logs available.
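One way to make an action log tamper-evident, shown as an added example that is not code from the original article: each record's MAC covers the entry and the previous record's MAC, so edits, removals and truncation all break verification. It uses an HMAC chain rather than digital signatures, so it proves integrity to the key holder only; the key, function names and log entries are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # anchor value chained into the first record


def _mac(key: bytes, prev_mac: str, entry: dict) -> str:
    # Canonical JSON so the same entry always serialises to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append(log: list, key: bytes, actor: str, action: str, ts: str) -> None:
    """Append a record whose MAC covers the entry and the previous MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    entry = {"seq": len(log), "ts": ts, "actor": actor, "action": action}
    log.append({"entry": entry, "mac": _mac(key, prev, entry)})


def verify(log: list, key: bytes, expected_len: int):
    """Return (ok, reason); expected_len is stored outside the log itself."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["entry"].get("seq") != i:
            return False, f"record {i}: sequence gap or reordering"
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, rec["entry"])):
            return False, f"record {i}: content or chain mismatch"
        prev = rec["mac"]
    if len(log) != expected_len:
        return False, "log truncated or extended"
    return True, "ok"


def demo():
    """Verify a clean log, then an edited, a pruned and a truncated copy."""
    key = b"constructed-demo-key"  # assumption: a real key lives in a KMS or HSM
    log = []
    append(log, key, "alice", "transfer 100 to bob", "2024-01-01T10:00:00Z")
    append(log, key, "alice", "change email", "2024-01-01T10:05:00Z")
    append(log, key, "bob", "withdraw 100", "2024-01-01T10:09:00Z")
    edited = json.loads(json.dumps(log))  # deep copy of the constructed log
    edited[0]["entry"]["action"] = "transfer 1 to bob"
    return {
        "clean": verify(log, key, 3),
        "edited": verify(edited, key, 3),
        "removed": verify([log[0], log[2]], key, 3),
        "truncated": verify(log[:2], key, 3),
    }
```

For evidence that a third party can check, the MAC would be replaced by an asymmetric signature made with a key the log writer alone holds.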

Information disclosure

Information disclosure happens when the application accidentally divulges details about itself that attackers could use to attack the system.

Information disclosure may result from developer comments left within the application, from source code that exposes parameters, or from error messages that contain too much detail, divulging information about users, sensitive business or commercial data, and technical details of the application’s infrastructure.

Attackers could use this information to gain access to the app’s users and collect details about customers. It could also be used to commit other crimes, or to gain access privileges that open up the most sensitive areas of the application.

Developers are central to preventing information disclosure vulnerabilities within the application:

  • Error messages, response headers and background information must be as generic as possible, so that they don’t reveal information about the application’s behaviour.
  • Access controls and authorisations should be put in place to block unauthorised access to data.
  • The application should be scrutinised from a user’s perspective to ensure that developer comments and other data are not disclosed inside the development environment.
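The first point above, as an added example that is not from the original article: a leaky error response beside a hardened one that returns a generic message with a reference ID, keeps the detail in a server-side log, and drops revealing response headers. The handler names, the failing lookup, the host name and the framework banner are all constructed.

```python
import logging
import traceback
import uuid


class ListHandler(logging.Handler):
    """Stands in for the server-side log sink so the example runs offline."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))  # message plus stack trace


server_log = ListHandler()
logger = logging.getLogger("orders")  # hypothetical application logger
logger.addHandler(server_log)
logger.propagate = False
REVEALING_HEADERS = {"server", "x-powered-by"}


def lookup_order(order_id):
    # Constructed failure whose message carries internal detail.
    raise RuntimeError(f"query on orders id={order_id} failed at db01.internal:5432")


def leaky_response(order_id):
    """Before: the stack trace and a framework banner reach the client."""
    try:
        return {"status": 200, "headers": {}, "body": lookup_order(order_id)}
    except Exception:
        return {"status": 500, "body": traceback.format_exc(),
                "headers": {"X-Powered-By": "ExampleFramework/1.2"}}


def safe_response(order_id, headers=None):
    """After: generic body plus a reference ID; the detail stays in server_log."""
    headers = {k: v for k, v in (headers or {}).items()
               if k.lower() not in REVEALING_HEADERS}
    try:
        return {"status": 200, "headers": headers, "body": lookup_order(order_id)}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        logger.exception("ref=%s order lookup failed", ref)
        return {"status": 500, "headers": headers,
                "body": f"Something went wrong. Reference: {ref}"}
```

The reference ID lets support staff find the full stack trace in the server log without any of it reaching the client.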

Denial of service

Denial of service (DoS) attacks overwhelm the target with traffic, causing it to crash and closing it off to legitimate traffic. DoS attacks generally consume time and money; however, they do not cause any harm to the victims. The most commonly used form of DoS attack is the buffer overflow attack, which simply sends too much traffic through the system. Others exploit weaknesses that cause systems to crash.

DoS attacks may target the network layer and the application layer. Applications can be secured against DoS attacks by configuring firewalls to block access from specific sources, such as loopback, reserved and private IP addresses or unassigned DHCP clients, or by introducing rate limiting to control the flow of traffic.

Escalation of privilege

These attacks use weaknesses and misconfigurations in applications to obtain elevated privileges or access rights. They may target authentication and credential processes, exploit weaknesses in design and code, exploit configuration errors, or use malware or social engineering in order to access information.

Protection against escalation of privilege must be built into the application during development. This should include managing the identity lifecycle, enforcing the principle of least privilege for all users, and hardening systems and applications by changing configurations, removing unnecessary rights and access, closing ports, and more.

The advantages of threat modelling using STRIDE

Be aware of weaknesses in the early stages

Many of the methods for identifying weaknesses (static code analysis, bug bounties, penetration tests and others) become relevant only after all or a large portion of the application has been developed. However, it’s less expensive and more efficient to correct weaknesses during the development process than once the flaws are present in the actual product.

The STRIDE threat model is a development-focused method for analysing the risks that could affect an application. STRIDE can serve as a checklist for developing secure software, helping developers identify possible weaknesses earlier, when they’re cheaper and easier to reduce or fix.

Use a security first approach

STRIDE threat modelling is threat-based, which encourages developers to consider how each threat might affect the different components that make up the app. It also challenges assumptions, forcing developers and security team members to question their assumptions and verify their validity and security.

The results of a STRIDE threat modelling exercise can be used in conjunction with the DREAD risk assessment model (Damage potential, Reproducibility, Exploitability, Affected users and Discoverability) to evaluate the consequences of each risk and prioritise the vulnerabilities to be addressed.
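A sketch of how the two models fit together, added here as an example and not part of the original article: the application diagram is expanded into a STRIDE checklist, rated threats are ranked by DREAD score, and unrated checklist items are reported. The element-to-category mapping follows the widely used STRIDE-per-element chart, the 1-10 scale with a mean score is one common DREAD convention, and the diagram elements and ratings are constructed.

```python
# STRIDE-per-element: categories that apply to each diagram element type.
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TRID", "data_flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}
DREAD = ("damage", "reproducibility", "exploitability",
         "affected_users", "discoverability")


def checklist(elements):
    """Every (element, category) pair the review has to answer."""
    return [(name, NAMES[c]) for name, kind in elements for c in APPLICABLE[kind]]


def dread_score(ratings):
    """Mean of the five DREAD ratings, each on a 1-10 scale."""
    if set(ratings) != set(DREAD):
        raise ValueError(f"need exactly these ratings: {DREAD}")
    if not all(1 <= v <= 10 for v in ratings.values()):
        raise ValueError("ratings must be between 1 and 10")
    return sum(ratings.values()) / len(DREAD)


def prioritise(elements, rated):
    """Return (threats ranked by score, checklist items nobody has rated yet)."""
    todo = checklist(elements)
    unknown = [key for key in rated if key not in todo]
    if unknown:
        raise ValueError(f"rated threats not in the diagram: {unknown}")
    ranked = sorted(((dread_score(r), e, c) for (e, c), r in rated.items()),
                    reverse=True)
    missing = [item for item in todo if item not in rated]
    return ranked, missing


# Constructed diagram of a small web application and its first three ratings.
ELEMENTS = [("browser user", "external_entity"), ("login API", "process"),
            ("user DB", "data_store"), ("API to DB", "data_flow")]
RATED = {
    ("login API", "Spoofing"): dict(zip(DREAD, (8, 7, 6, 9, 5))),
    ("user DB", "Information disclosure"): dict(zip(DREAD, (9, 5, 4, 10, 3))),
    ("API to DB", "Tampering"): dict(zip(DREAD, (6, 4, 3, 6, 2))),
}
```

Calling `prioritise(ELEMENTS, RATED)` returns the three rated threats in descending score order together with the checklist entries that still need a rating.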

STRIDE threat modelling can be done repeatedly

Threat modelling with STRIDE is never finished.

STRIDE provides a framework that allows threats to be modelled at regular intervals, so that security personnel can stay abreast of the ever-changing threat landscape and make sure that the security measures implemented can withstand both modern and old threats.

STRIDE threat modelling is an integral part of a larger cybersecurity program

Building secure systems and applications and safeguarding them from hackers requires a comprehensive cybersecurity risk management plan, which includes protecting infrastructure and other measures such as frequently security testing the applications and systems with penetration tests.

STRIDE threat modelling is one of these measures, helping developers bring secure development practices into the development of systems and applications. Threat modelling by itself is not enough to protect your application, but it can provide an excellent foundation right from the beginning of the development process.