Cyber Security

1. Asset Centric

• Focus: Protecting critical assets (data, systems).

• Used In: OCTAVE, NIST SP 800-30

• Strength: Prioritizes what matters most to the business.

• Example: Identify crown jewels (e.g., patient records), then assess threats to them. 

2. Attacker-Centric 

• • Focus: Thinking like an attacker (TTPs).

  • Used In: PASTA, MITRE ATT&CK

  • Strength: Simulates real-world threat actor behavior.

  • Example: Model threats based on attacker goals and methods (e.g., phishing, lateral movement). 

3. Architecture/Component-Centric

• Focus: System components and data flows.

• Used In: STRIDE, Microsoft Threat Modeling Tool

• Strength: Integrates well with SDLC and DFDs/UMLs.

• Example: Apply STRIDE to each process, store, and data flow in a diagram. 

4. Privacy-Centric 

• Focus: Protecting personal and sensitive data.

• Used In: LINDDUN

• Strength: Tailored for privacy-by-design and compliance (e.g., GDPR).

• Example: Identify risks like linkability, detectability, and non-compliance.

5. Process-Centric

• Focus: Business processes and organizational risks.

• Used In: OCTAVE

• Strength: Good for enterprise-level planning.

• Example: Analyze the business impact of security failures and adjust processes.

6. Hybrid Approach

• Combines multiple methods (e.g., STRIDE + PASTA + CVSS scoring).

• Used In: Large organizations or critical systems (e.g., banking, healthcare).

• Strength: Holistic view of threats and business risk.

Most recommended: the Final one, a hybrid that considers engineering practices, assets, and risks.

In order to to conduct threat modeling, you should apply defense in depth in your  solution infrastructure from the following layers, considering the following: 

1. Mission Critical Assets

2. Data Security

3. Application Security

4. Endpoint Security

5. Network Security

6. Perimeter Security

7. Human Layer

You will ask yourself 3 questions:

• What are potential attacks for Confidentiality

• What are potential attacks for Integrity

• What are potential attacks for availability

• What is the severity of each attack

so, you will have a concrete matrix about potential threats, and an early architect for security to put the proper solution.

 Moreover, upon your modeling tools and methodology, you will go in-depth in other aspects that cover the mentioned aspects.

1. STRIDE

2. PASTA

3. OCTAVE 

4. LINDDUN 

5. CVSS: Common Vulnerability Scoring System, focus on severity 

6. VAST: VAST (Visual, Agile, and Simple Threat Modeling), visual modeling

7. MITRE Att&ck: MITRE Corporation, Tactics & techniques database  

Definition

STRIDE is a threat modeling framework developed by Microsoft to identify and categorize security threats in software systems. 

Each character represents a different principle.

 Practices

1. Spoofing(انتحال الهوية ): Identity/Authentication instead of Fake login credentials 

• Samples:

  • • Log in with stolen tokens

    • Fake JWT or session token

• Best practice:

  • • multi-factor authentication (SMS/Whatsapp/Mail/Identity management system)

    • CAPTCHA

      • • Picture

        • Audio

        • Video

    • Enriched JWT

    • Auto-Rotation for secrets

    • Encryption

2. Tampering(تعديل البيانات ): Data Integrity instead of Altering files or messages

• Samples:

  • • Intercepting and changing data in transit (e.g., via MITM) 

    • Modifying a config file on the server

    • Unauthorized DB update via SQL Injection

• Best practices

  • • input validation & hashing

    • Never expose more data

    • TLS

    • RBAC(Role based access control)

3. Repudiation(إنكار الفعل): Accountability/Logs instead of denying performing an action

• Sample

  • • User said: I did not delete these files

    • A user denies a file download without access logs 

    • No proof of API usage in server logs

    • Admin deletes logs to cover their tracks 

• Best practices

  • • audit logs & digital signatures

4. Information disclosure(كشف المعلومات ): Confidentiality instead of Unauthorized data access

• Samples:

  • • Unencrypted API responses with sensitive data

    • Directory traversal exposing internal files 

• Best practices

  • • SSL

    • Encryption

    • RBAC: Role-based access control

      • • Add role in the token

        • Add authorized role on resource and operations

5. Denial of service (حجب الخدمة): Availability instead of Service crash or overload

• Examples:

  • • Botnet overloads the login endpoint 

    • Sending malformed requests to crash a server 

    • Database lock saturation by heavy queries

• Best Practices

  • • Rate limiting

    • Circuit breaker

    • WAF

6. Elevation of privilege(تصعيد الصلاحيات): Authorization instead of Gaining admin rights

• Samples:

  • • A normal user exploits a flaw to gain admin rights 

    • Local file inclusion leads to root access 

    • Privilege escalation via misconfigured roles

• Best Practices

  • • Least privilege

    • RBAC

Definition

Process for attack simulation and threat analysis: a risk-centric threat modeling methodology designed to identify, analyze, and mitigate threats from an attacker's perspective, while aligning security efforts with business objectives. 

It simulates attacker behavior and real-world exploitation paths, aligning threats with business risk.

It includes the following:

• Define Objectives:

  • • Align security with business impact 

    • Example: Protect payment API to ensure PCI-DSS compliance 

• Define Technical Scope

  • • Document architecture, APIs, infra, 3rd parties 

    • Example: E-commerce app using AWS, API Gateway, MongoDB 

• Application Decomposition

  • • Identify components, data flows, roles

    • Example: Frontend → Backend API → DB → Payment Gateway 

• Threat Analysis

  • • Identify threat actors & motivations

    • Example: Attacker targets checkout page to inject malicious script, we can use STRIDE here for analysis 

• Vulnerability Analysis

  • • Scan for known weaknesses

    • Example: Old jQuery version with known XSS vulnerability 

• Attack Simulation

  • • Emulate attacker behavior and entry paths 

    • Use Burp Suite to simulate stolen token access to admin panel 

• Risk & Impact Analysis

  • • Quantify risk impact vs. likelihood 

    • SQLi risk = High: affects financial data, easy to exploit 

Key Values

• Bridges technical threats with business impact.

• Useful for complex, high-risk applications.

• Aligns with standards like NIST, OWASP, and ISO 27005.

Upon all mentioned methodologies, you should maintain your asset inventory, to part of your infrastructure, that should incrementally revisited from cybersecurity perspectives, and to be subject for audits to secure.

Assets should be defined as follows:

1. Name 

2. Location

3. Objective

4. OS details

5. Configuration

6. Admin definitions

Objectives

Having mixed model between STRIDE and PASTA is a well-known practice in large enterprises, as PASTA is used as an overall highlevel model, while STRIDE is used only in the threats analysis process within the PASTA lifecycle.

1. Unidentified attack vectors – Critical vulnerabilities (e.g., privilege escalation paths, insecure APIs) remain hidden until exploited.
   
   

2. Insecure design decisions – Architecture may lack necessary controls (e.g., encryption layers, access restrictions).
   
   

3. Higher cost of fixes – Issues found late in development or post-release cost significantly more to remediate.
   
   

4. Compliance gaps – Missed regulatory or industry security requirements (e.g., PCI-DSS, ISO 27001).
   
   

5. Reduced resilience – Systems are less prepared for evolving threats, making breaches more likely and severe.