Application Security Services

Identify and remediate software vulnerabilities earlier in the development lifecycle, while drastically reducing the cost of security code maintenance.

Threat Modeling Services

Threat Modeling at a Glance

Over the last few years, significant progress has been made in back end SDLC security controls. Vendors have developed sophisticated analysis tools focusing on code inspection and application testing and organizations are incorporating both automated and manual assessment methods into the latter half of their development process. However, adoption of architectural risk analysis has not been as widespread.

Although threat modeling is not a new concept and approaches such as Microsoft's STRIDE are well known, companies have not internalized and adopted design related security controls with the same vigor.

Threat Modeling Presentation

The purpose of this presentation is to provide an understanding of what threat modeling is, why it is important, and champion its benefits.

Threat Modeling Presentration (Download PDF)
Presentation: Threat Modeling (2011), by Nathan Sportsman

Bake Security into the SDLC

Praetorian's threat modeling service helps identify over 75 percent of major security design flaws, reduces the scope of security code reviews to only those lines and components that matter, narrows and guides the focus of penetration tests, and minimizes the need for expensive code rewrites when problems are discovered.

Cost per defect in SDLC
Table: Cost per defect in SDLC (enlarge)

During a two- to four-day onsite workshop, Praetorian will conduct the following core activities with your development team: identify security objectives, understand the application, decompose the application, evaluate the potential threats, discuss compensating security controls, and finally identify and prioritize vulnerabilities.

Frequently Asked Questions

  1. How long does a threat modeling workshop typically last? Threat modeling "light" workshops typically last between two and five days. Longer term threat modeling exercises can go weeks, or even months. This "heavy" architecture analysis is typically requested and performed by larger enterprise software companies.

  2. Can threat modeling be conducted remotely? No. Because threat models are design-focused, they require heavy user interaction and whiteboards. Our team must be on-site when conducting a threat model.

  3. Who from the client's side needs to attend a threat model? For a threat model to be successful, key stakeholders who have intimate knowledge of the software product must attend. Titles typically present in the room include CTOs, VPs of Engineering, lead architects, and lead software developers.

Threat Modeling Methodology Overview

When leveraged early in the lifecycle of an application, threat modeling can uncover vulnerabilities in a design approach before a single line of code has been written. When utilized later in an application's lifecycle, threat modeling can quickly decompose a living application to identify architectural and design flaws that can be verified during code reviews and penetration testing.

Praetorian often recommends using a threat model to kick off large code review projects because the new understanding narrows the focus of the code review to the components that really matter and reduces scope of the total lines of code to review by up to 70 percent.

Threat modeling is a comprehensive activity that includes several distinct components. To ensure its effectiveness, we have developed a highly structured approach to the threat modeling process. During a two to four day onsite workshop, Praetorian will conduct the following core activities with your development team: identify security objectives, understand the application, decompose the application, evaluate the potential threats, discuss compensating security controls, and finally identify and prioritize vulnerabilities.