To document the threats of your application, use a template that shows several threat attributes similar to the one below. The threat description and threat target are essential attributes. Leave the risk rating blank at this stage. This is used in the final stage of the threat modeling process when you prioritize the identified threat list. Other attributes you may want to include are the attack techniques, which can also highlight the vulnerabilities exploited, and the countermeasures that are required to address the threat.
Threat Description | Attacker obtains authentication credentials by monitoring the network |
---|---|
Threat target | Web application user authentication process |
Risk | |
Attack techniques | Use of network monitoring software |
Countermeasures | Use SSL to provide encrypted channel |
Threat Description | Injection of SQL commands |
---|---|
Threat target | Data access component |
Risk | |
Attack techniques | Attacker appends SQL commands to user name , which is used to form a SQL query |
Countermeasures | Use a regular expression to validate the user name, and use a stored procedure that uses parameters to access the database. |