Written by Laurent Dupont

Threat Modeling Trends and Insights from ThreatModCon 2024

Two of our threat modeling gurus, Sebastien Deleersnyder and Steven Wierckx, traveled to San Francisco in the United States for two reasons: An OWASP conference (Global AppSec 2024) as well as the world’s one and only threat modeling conference! It was held for the second year after an overwhelmingly successful first threat modeling conference in 2023, which was organized in both Washington DC and Lisbon.

For those who aren’t aware: Threat Modeling Connect is the organization behing ThreatModCon, where they set out to bring together AppSec professionals from across the globe. Cybersecurity experts, as well as new threat modeling enthusiasts from around the globe join the conversation to discuss the latest trends, techniques, and tools in threat modeling practices.

This unique event serves as a platform for sharing knowledge, fostering collaboration, enabling the security industry to embrace threat modeling as well as exploring innovative approaches to running a successful threat modeling program.

Below you can discover the highlights as Sebastien and Steven share their view on this unique event.

Key Takeaways: Threat modeling practices are a shifting landscape

One of the overarching themes at ThreatModCon this year was the increasing emphasis on collaboration and communication. Effective threat modeling requires a cross-functional approach, involving stakeholders from various teams within an organization. By fostering open dialogue and shared understanding, teams can identify and address risks more comprehensively.

Another significant trend is the growing integration of AI into threat modeling processes. While AI can automate certain tasks, such as generating attack trees or analyzing vulnerability data, human expertise remains indispensable for providing context, critical thinking, and ethical considerations.

Introduction by Brook Schoenfield

This particularly enlightening talk was given by one of the super heroes of application security and secure system development. Brook highlighted the benefits of establishing a centralized threat modeling team. By centralizing expertise and resources, organizations can ensure consistency, maintain a knowledge base, and foster a culture of security awareness. When planning to build software, businesses can benefit from having an internal one-stop shop for all their threat modeling needs.

The Unkeynote: A Discussion Among Friends on Advancing Threat Modeling

This unique panel session brought together some of the brightest minds in threat modeling to discuss the latest trends and challenges in the field. The speakers covered a range of topics, including the importance of communication and collaboration, the role of AI in threat modeling, and the future of the field.

Personal observation: This talk was a great way to kick off the conference and get a broad overview of the latest thinking in threat modeling. The panel discussion was lively and engaging, and I learned a lot from the experts.

Threat Modeling Volcanoes - Patterns of Dynamically Expandable Systems by Joern Freydank

The talk on Threat Modeling Volcanoes provided valuable insights into the unique challenges and considerations associated with dynamically expandable systems. The speaker, Joern Freydank, highlighted the importance of identifying edge cases and considering the potential vulnerabilities introduced by add-ons.

A key takeaway from the talk was the emphasis on understanding the different flavors of expandable systems, from internal installs to SaaS-based platforms. This categorization helps security teams tailor their threat modeling efforts to the specific characteristics of each system.

Personal observation: A Venn diagram featuring the controls and other elements was shown, which includes a wealth of valuable information. In the section on pitfalls, I believe that the behavioral pivots were particularly significant to understand and remember for any threat model.

Amplifying Downstream Value with Technology Captures and Layers by Brenna Leath

Brenna Leath’s talk highlighted the importance of creating reusable threat models for diverse audiences. By capturing technology information and presenting models in layers, security teams can improve efficiency and understanding and scale threat modeling programs.

Key takeaways include:

Technology captures provide a valuable knowledge base for future reference.
Layered views cater to different stakeholder needs, enhancing model usefulness.
Weighted approach ensures that models are tailored to the complexity of the system.

By adopting these strategies, we as infosec professionals can create more impactful and efficient threat models, strengthening their organization’s security program.

Personal Observation: This layered approach is particularly valuable for organizations with diverse security needs. By creating models that cater to different audiences, information security teams can significantly increase the return on investment (ROI) from their threat modeling efforts.

Making Threat Modeling More Natural Recommendations for Practitioners and Tool Developers by Ronald Thompson

Ronald Thompson’s research was one of the sessions covering how security experts who are performing threat modeling, identify threats and countermeasures in software design. His findings offer valuable guidance for development teams in increasing product security.

Key takeaways include:

Flexible process: Cyber security people use a flexible approach for brainstorming threats and controls.
Safety considerations: Integrating safety considerations remains challenging.
Process model: Thompson proposed a new process model for threat modeling.
Prototype tool: TMNT App can aid in threat modeling research.

Personal Observation: This was a great talk proving that research in academia can teach us immediate improvements in the way we do threat modelling. This is not just theory but can be put into practice immediately when you are on your journey to scale your threat modeling game. Pay specific attention on the application of this knowledge for tooling and how to use threat modeling tools to support the threat modeling process

Workshop: developing a TM mindset by Robert Hurlbut

Robert Hurlbut’s workshop provided an introduction to threat modeling. For those who are new to threat modeling, Robert started with an introduction to get everybody on the same page. Whether you are a software engineer, part of a group of security champions, or a security architect.

Key takeaways include:

Proactive approach: Threat modeling is a strategic and proactive approach to security.
Process steps: The process involves assembling a team, understanding the system, identifying threats, documenting findings, and reviewing regularly.
Threat identification: Use frameworks like STRIDE to identify potential threats.
Risk assessment: Evaluate the risk associated with each threat and prioritize mitigation efforts.
Documentation: Record threats, mitigations, risks, and action items.

Additional Tips

Think strategically: Consider attacker motivations and capabilities.
Use tools: Leverage frameworks like STRIDE and diagrams to streamline the process.
Stay active: Regularly review and update your threat model.

By adopting a threat modeling mindset, you can significantly improve your organization’s security posture and integrate threat modeling into your software development lifecycle (SDLC), turning it into a secure software development lifecycle (SSDLC).

Lessons learned: Finding a way to think about “what could go wrong?” can be supported by keeping attacker types in mind. This talk reminded us of the principle of “personas” in user stories that a software engineer uses to put a face to a specific end user of an application. Just like “Donna the Doctor” or “Remy the Receptionist” are in our list of personas, consider adding “Holly the Hacker” or “Adam the Activist”. It makes a security threat easier to imagine.

Online Training

We regularly organize online threat modeling courses for software developers, architects, system managers, and security professionals. We converted our Black Hat edition training to an online action-packed 1 day training with hands-on workshops covering real live use cases to learn how to do practical threat modeling. It will bootstrap and elevate your security knowledge and threat modeling skills.

FIND OUT MORE

Threat Modeling Playbook

You need a game plan to bootstrap or improve your threat modeling practice. We will explain how to do this and will provide your with our OWASP Threat Modeling Playbook. Find out more and download your playbook here.

DOWNLOAD THE PLAYBOOK

Automating Threat Modeling Challenges and AI Solutions by Audrey Long

Audrey Long’s presentation explored the potential of leveraging Artificial Intelligence in various aspects of threat modeling. While combining AI and threat modeling seems to offer a way to enable rapid threat elicitation through automation, it also presents challenges that must be carefully addressed:

Limitations of Traditional Threat Modeling

Audrey highlighted the limitations of both manual and modern threat modeling tools. Manual threat modeling is time-consuming, prone to human error, and struggles with scalability. Modern tools often rely on outdated algorithms and lack contextual understanding, limiting their effectiveness.

AI to the Rescue ?

Large Language Models (“LLMs”) can address some of these limitations by helping to find mitigations and threats, review threat models, and analyze architectures from images. In an ideal world, this can significantly reduce the time and effort required for threat modeling, allowing for more efficient and scalable security practices.

Considerations

Prompt engineering: Crafting effective prompts for AI models is crucial for accurate and relevant results.
Fine-tuning: Training AI models requires high-quality data and computational resources.
Keeping up with technology: The rapid pace of AI development requires continuous learning and adaptation.
Validation: LLMs are getting better at understanding and reasoning, but they will inevitably create output that isn’t correct (a.k.a. “hallucinating”).

Conclusion

AI has the potential to revolutionize threat modeling by automating tasks by brainstorming to speed up the process of threat elicitation. However, organizations must carefully address the challenges associated with “hallucinations” and still require a threat modeler to validate.

Conclusion

As the threat landscape continues to evolve, threat modeling must adapt to meet new challenges. By embracing collaboration, leveraging AI responsibly, and staying informed about emerging trends, organizations can strengthen their security posture and protect their valuable assets.