How Threat Modeling Can Improve Agile Development

How do attackers exploit applications? Simply put, they look for entry points not expected by the developer. By expecting as many potential entry points as possible, developers can build with security in mind and plan appropriate countermeasures.

This is called threat modeling. It’s an important activity in the design phase of applications, as it shapes the entire delivery pipeline. In this article, we’ll cover some basics of how to use threat modeling during development and beyond to protect cloud services.

Integrating threat modeling into the development processes

In any agile development methodology, when business teams start creating a user story, they should include security as a key requirement and appoint a security champion. Some planning factors to consider are the presence of private data, business-critical assets, confidential information, users, and critical functions. Integrating security tools in the continuous integration/continuous development (CI/CD) pipeline automates the security code review process that examines the application’s attack surface. This code review might include Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Infrastructure as a Code (IaC) scanning tools.

All these inputs should be shared with the security champion, who would then identify the potential security threats and their mitigations and add them to the user story. With this information, the developers can build in the right security controls.

This information also can help testers focus on the most critical threats. Finally, the monitoring team can build capabilities that keep a close watch on these threats. This has the added benefit of measuring the effectiveness of the security controls built by the developers.

Applying threat modeling in AWS

After the development phase, threat modeling is still an important activity. Let’s take an example of the initial access tactic from the MITRE ATT&CK framework, which addresses methods attackers use to gain access to a target network or systems. Customers may have internet-facing web applications or servers hosted in AWS cloud, which may be vulnerable to attacks like DDoS (Distributed Denial of Service), XSS (Cross-Site Scripting), or SQL injection. In addition, remote services like SSH (Secure Shell), RDP (Remote Desktop Protocol), SNMP (Simple Network Management Protocol), and SMB (Server Message Block) can be leveraged to gain unauthorized remote access.

Considering the risks, security teams should review their security architecture to ensure sufficient logging of activities, which would help identify threats.

Security teams can use the security pillar of AWS Well-Architected Framework, which will help identify any gaps in security best practices. Conducting such a self-assessment exercise will measure the security posture of the application across various security pillars – namely, Identity Access Management – to ensure there is no provision for unauthorized access, data security, networking, and infrastructure.

Although next-gen firewalls may provide some level of visibility to those who are accessing the applications from source IP, application security can be enhanced by leveraging AWS WAF and AWS CloudFront. These services would limit exposure and prevent potential exploits from reaching the subsequent layers.

Network architecture should also be assessed to apply network segmentation principles. This will reduce the impact of a cyberattack in the event one of its external applications is compromised.

As a final layer of protection against initial access tactic methods, security teams should regularly audit AWS accounts to ensure no administrator privileges are granted to AWS resources and no administrator accounts are being used for day-to-day activities.

When used throughout the process, threat modeling reduces the number of threats and vulnerabilities that the business needs to address. This way, the security team can focus on the risks that are most likely, and thus be more effective – while allowing the business to focus on truly unlocking the potential of AWS.

Author Bio

TCS

E-mail: raji.krishnamoorthy@tcs.com

Raji Krishnamoorthy leads the AWS Security and Compliance practice at Tata Consultancy Services. Raji helps enterprises create cloud security transformation roadmap, build solutions to uplift security posture, and design policies and compliance controls to minimize business risks. Raji, along with her team, enables organizations to strengthen security around identity access management, data, applications, infrastructure, and network. With more than 19 years of experience in the IT industry, Raji has held a variety of roles at TCS which include CoE lead for Public Cloud platforms and Enterprise Collaboration Platforms.

To learn more, visit us here.