Your company is engineering an information system to support the new business of selling toys online. As a security professional, you are working with the development team to review the design for flaws in the threat modeling process. Which of the following will you LEAST use in the process of identifying potential threats or design flaws?
A. Misuse case
B. STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege)
C. DREAD (Damage, Reproducibility, Exploitability, Affected Users, and Discoverability)
D. CWE (Common Weakness Enumeration)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. DREAD (Damage, Reproducibility, Exploitability, Affected Users, and Discoverability).

Threat Modeling

A threat is a risk with a negative impact if it happens. A threat can be modeled using the NIST generic risk model, ISACA risk scenario, risk meta language from Dr. David Hillson, and the like.

Threat modeling is the practice of risk management; it’s common to conduct threat modeling in software projects. Threat modeling identifies, analyzes, evaluates, and handles potential threats or design flaws.

Risk Identification

Risk identification is the process of discovering, expressing, and documenting risks to produces a list of risks or risk register as the output.

CWE as Identification Tools/Techniques

CWE is a community-developed list of common software security weaknesses. It serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

CWE (Common Weakness Enumeration) can be used as a checklist or industry knowledge base to identify risks.


Misuse/Abuse case as Risk Expression Tool

Use cases specify required behaviour of software and other products under development, and are essentially structured stories or scenarios detailing the normal behavior and usage of the software. A Misuse Case on the other hand highlights something that should not happen (i.e. a Negative Scenario) and the threats hence identified, help in defining new requirements, which are expressed as new Use Cases.

STRIDE as Documentation Tool

STRIDE is a risk categorization scheme to categorize the risks identified.

  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

DREAD used in Risk Analysis

Risk analysis includes two parts: likelihood and impact. It is used after the risk identification process.

  • Damage: likelihood
  • Reproducibility: likelihood
  • Exploitability: likelihood
  • Affected Users: impact
  • Discoverability: impact




Leave a Reply