Cyber Security

Definition

Threat Modeling is a proactive security process used to identify, analyze, and mitigate potential threats to a system before it's built or deployed.

It includes the following stages:

1. Identify Assets

2. Outline architecture

3. Breakdown application

4. Identify threats

5. Classify & Structure threats

6. Rate Severity of threats

After implementing the mentioned steps, here you have clear security requirements to take place over the different layers of your architecture context.

1. Mission Critical Assets

2. Data Security

3. Application Security

4. End point Security

5. Network Security

6. Perimeter Security

7. Human Layer

1. Asset Centric

• Focus: Protecting critical assets (data, systems).

• Used In: OCTAVE, NIST SP 800-30

• Strength: Prioritizes what matters most to the business.

• Example: Identify crown jewels (e.g., patient records), then assess threats to them. 

2. Attacker-Centric 

• • Focus: Thinking like an attacker (TTPs).

  • Used In: PASTA, MITRE ATT&CK

  • Strength: Simulates real-world threat actor behavior.

  • Example: Model threats based on attacker goals and methods (e.g., phishing, lateral movement). 

3. Architecture/Component-Centric

• Focus: System components and data flows.

• Used In: STRIDE, Microsoft Threat Modeling Tool

• Strength: Integrates well with SDLC and DFDs/UMLs.

• Example: Apply STRIDE to each process, store, and data flow in a diagram. 

4. Privacy-Centric 

• Focus: Protecting personal and sensitive data.

• Used In: LINDDUN

• Strength: Tailored for privacy-by-design and compliance (e.g., GDPR).

• Example: Identify risks like linkability, detectability, and non-compliance.

5. Process-Centric

• Focus: Business processes and organizational risks.

• Used In: OCTAVE

• Strength: Good for enterprise-level planning.

• Example: Analyze the business impact of security failures and adjust processes.

6. Hybrid Approach

• Combines multiple methods (e.g., STRIDE + PASTA + CVSS scoring).

• Used In: Large organizations or critical systems (e.g., banking, healthcare).

• Strength: Holistic view of threats and business risk.

1. STRIDE

2. PASTA

3. OCTAVE 

4. LINDDUN 

5. CVSS: Common Vulnerability Scoring System, focus on severity 

6. VAST: VAST (Visual, Agile, and Simple Threat Modeling), visual modeling

7. MITRE Att&ck: MITRE Corporation, Tactics & techniques database  

Definition

STRIDE is a threat modeling framework developed by Microsoft to identify and categorize security threats in software systems. 

Each character represents a different principle.

 Practices

1. Spoofing(انتحال الهوية ): Identity/Authentication instead of Fake login credentials 

• Samples:

  • • Log in with stolen tokens

    • Fake JWT or session token

• Best practice:

  • • multi-factor authentication (SMS/Whatsapp/Mail/Identity management system)

    • Enriched JWT

    • Auto-Rotation for secrets

    • Encryption

2. Tampering(تعديل البيانات ): Data Integrity instead of Altering files or messages

• Samples:

  • • Intercepting and changing data in transit (e.g., via MITM) 

    • Modifying a config file on the server

    • Unauthorized DB update via SQL Injection

• Best practices

  • • input validation & hashing

    • Never expose more data

3. Repudiation(إنكار الفعل): Accountability/Logs instead of denying performing an action

• Sample

  • • User said: I did not delete these files

    • A user denies a file download without access logs 

    • No proof of API usage in server logs

    • Admin deletes logs to cover their tracks 

• Best practices

  • • audit logs & digital signatures

4. Information disclosure(كشف المعلومات ): Confidentiality instead of Unauthorized data access

• Samples:

  • • Unencrypted API responses with sensitive data

    • Directory traversal exposing internal files 

• Best practices

  • • SSL

    • Encryption

    • RBAC: Role-based access control

      • • Add role in the token

        • Add authorized role on resource and operations

5. Denial of service (حجب الخدمة): Availability instead of Service crash or overload

• Examples:

  • • Botnet overloads the login endpoint 

    • Sending malformed requests to crash a server 

    • Database lock saturation by heavy queries

• Best Practices

  • • Rate limiting

    • Circuit breaker

    • WAF

6. Elevation of privilege(تصعيد الصلاحيات): Authorization instead of Gaining admin rights

• Samples:

  • • A normal user exploits a flaw to gain admin rights 

    • Local file inclusion leads to root access 

    • Privilege escalation via misconfigured roles

• Best Practices

  • • Least privilege

    • RBAC

Definition

Process for attack simulation and threat analysis: a risk-centric threat modeling methodology designed to identify, analyze, and mitigate threats from an attacker's perspective, while aligning security efforts with business objectives. 

It simulates attacker behavior and real-world exploitation paths, aligning threats with business risk.

It includes the following:

• Define Objectives:

  • • Align security with business impact 

    • Example:Protect payment API to ensure PCI-DSS compliance 

• Define Technical Scope

  • • Document architecture, APIs, infra, 3rd parties 

    • Example:E-commerce app using AWS, API Gateway, MongoDB 

• Application Decomposition

  • • Identify components, data flows, roles

    • Example:Frontend → Backend API → DB → Payment Gateway 

• Threat Analysis

  • • Identify threat actors & motivations

    • Example:Attacker targets checkout page to inject malicious script 

• Vulnerability Analysis

  • • Scan for known weaknesses

    • Example: Old jQuery version with known XSS vulnerability 

• Attack Simulation

  • • Emulate attacker behavior and entry paths 

    • Use Burp Suite to simulate stolen token access to admin panel 

• Risk & Impact Analysis

  • • Quantify risk impact vs. likelihood 

    • SQLi risk = High: affects financial data, easy to exploit 

Key Values

• Bridges technical threats with business impact.

• Useful for complex, high-risk applications.

• Aligns with standards like NIST, OWASP, and ISO 27005.

Stages

1. Define Objectives: Understand business impact and security goals, 

Example: Ensure secure fund transfers, protect user data, comply with PCI-DSS.

2. Define Technical Scope: Identify assets, technologies, systems, and environment.

Example: Web frontend, mobile app, API gateway, backend microservices, DBs, load balancer. 

3. Application Decomposition: Break down app components, data flows, and trust boundaries.

Example: Login → 2FA → transfer funds → DB update → SMS notification. 

4. Threat Analysis: Identify potential threats using frameworks like STRIDE, ATT&CK.

Threat: Credential stuffing on login; Session hijacking; API abuse. 

5. Vulnerability Analysis: Discover and map known weaknesses.

Example:OWASP Top 10 issues found via code scan (e.g., broken auth, SQLi in reports).  

6. Attack Modeling: Simulate realistic attack scenarios and paths.

Example:Attacker uses leaked credentials → bypasses weak 2FA → initiates fraudulent transfer. 

7. Risk & Impact Analysis: Assess risk likelihood and business impact to prioritize defenses.

High risk: financial loss, legal penalty, customer churn → recommend stronger auth and fraud detection.