Tuesday 13 December 2016

Threat Model per Feature

Creating and following a threat model for a feature is a great way to understand a threat model journey.

First, take a very specific path, a very specific new feature that you are adding, or take a property, such as a new field, or a new functionality.

Next, you want to create a full flow of that feature. Look at the entry point and the assets, and look at what is being used in that feature.

Now, you can map the inputs of the feature; you can map the data paths given by the data schema, and then you follow the data.

You can see for example how the data go into the application, what it ends up with, who calls who. This means you have a much tighter brief, and a much better view of the situation.

(from SecDevOps Risk Workflow book, please provide feedback as an GitHub issue)