Skip to content
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000516
Threat models must be documented and reviewed for each application release and updated as required by design and functionality changes or when new threats are discovered.
Threat models must be documented and reviewed for each application release and updated as required by design and functionality changes or when new threats are discovered. An XCCDF Rule
Threat models must be documented and reviewed for each application release and updated as required by design and functionality changes or when new threats are discovered.
Medium Severity
<VulnDiscussion>Threat modeling is an approach for analyzing the security of an application. It is a structured approach that enables you to identify, quantify, and address the security risks associated with an application. Threat modeling is not an approach to reviewing code, but it does complement the security code review process.
Threat modeling can optimize application security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.
The lack of threat modeling will potentially leave unidentified threats for attackers to utilize to gain access to the application. To execute a threat model you should do the following:
- Decompose the Application. The first step in the threat modeling process is gaining an understanding of the application and how it interacts with external entities. This includes identifying application components such as web server, application server, database server and languages used by the application. It also includes identifying network connections and the means utilized to access the application.
- Determine and rank threats. Use a threat categorization methodology to understand the different threat categories.
E.g., Auditing, authentication, configuration management and data protection. The goal of the threat categorization is to help identify threats both from the attacker perspective and the defensive perspective.
- Determine countermeasures and mitigation. A lack of protection against a threat might indicate a vulnerability whose risk exposure could be mitigated with the implementation of a countermeasure.
Countermeasures could include using application firewalls, IDS/IPS to block or identify known attacks against the architecture and alarming on audit log events.
Refer to the OWASP website for additional details on application threat modeling.
https://www.owasp.org/index.php/Application_Threat_Modeling</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>