The SDLC (software/system development life cycle) framework is a common development methodology used by organizations to build systems and software. Security is often an afterthought or only addressed late in the development process.
How can threat modeling be included during the entire development effort? At what points of the lifecycle would you include threat identification, testing and analysis? Why have you chosen those points in the development cycle?
Many people think that threat modelling should be done only after the development of the software. This is because many people think that threat modelling can be done only by security professionals.
This is not correct.
Developers and others can also do threat modelling.
Normally threat modelling is done after the entire architecture has been developed. Instead, we can implement threat modelling as a part of the SDLC itself.
For integrating the threat model into the SDLC:
Requirements phase: the threat model can be included by considering a threat agent trying to make malicious use of the application functionality.
By analysing all the harm a malicious user can do with respect to the application functionality, the security requirements can be improved and therefore the risk of abuse of the application can be reduced.
Design phase: during this phase, the threat model can be included by identifying the vulnerabilities in the design of the application architecture.
This includes identification of vulnerabilities in the user interface, data storage, data flow, hardware, components, etc.
Hence, those vulnerabilities can be removed during the design phase itself.
Including the threat model during design in this way helps to reduce the extra cost of fixing the vulnerabilities after the software is developed.
Coding phase: even if there are no vulnerabilities in the application architecture, new vulnerabilities will be introduced into the application if the application design is coded in an inappropriate manner.
Attackers can easily find such vulnerabilities by scanning the application.
During the coding phase, the threat model can help identify such vulnerabilities.
The threat model can be included by automatic or manual analysis of the source code with respect to the specific criteria of the existing threat model.
Testing phase: by documenting the threat model that is implemented during the requirements, design and coding phases, the threat model can be included during the testing phase also.
The software testers can refer to this document to check whether all the threats and vulnerabilities found during the other phases have been resolved or not.
Normally security testers will check only for common security vulnerabilities.
Having threat model documentation will be very useful for security testers, because the documentation helps the testers to focus more on the specific architecture of the application or on specific vulnerabilities beyond the common issues.