Your Challenges with Threat Modeling

Put security first

Data theft due to insecure applications – this presents a major challenge for many companies, especially with respect to globally increasing digitization. The hacker will find the security problems and vulnerabilities in the software with determination and will use them to his advantage. Data quickly disappears, is deleted, or is used for other purposes. This is why it is all the more important to put security in the company first and not lose sight of it.

Why do companies find the subject of security so difficult?

For a wide variety of reasons, the question of security for applications and systems in companies is only reluctantly included in a project:

  • Most of the time, the security requirement isn’t specified: “It should just be secure,” meaning as little effort as possible and at little cost.
  • The commissioned penetration testers only identify security gaps just before going live. This can delay the release of a new product considerably.
  • The appearance of unforeseen security requirements or problems can possibly cause major changes to the development process.
  • Company guidelines continuously require new security measures of applications and systems, making integration in the projects difficult from the beginning.
  • There is general uncertainty with respect to IT security in projects: “Where to start and how much security is really necessary?”
  • Applications and systems are becoming more and more complex and make the inclusion of security a costly undertaking.
  • The short delivery cycles (continuous delivery) of software do not make it any easier to integrate security in the software development process and to practice DevSecOps.
  • The team lacks experience in how to deal with security requirements.
  • There is no understanding of the overall internal architecture.
  • There is a general lack of agreement as to whether security activities are more of a burden than added value.

The next problem is that new approaches are viewed rather critically by the developers:

  • There is skepticism towards a previously unfamiliar procedure such as Threat Modeling, for example. Therefore, the introduction of such procedures is met with resistance by the developers.
  • It is often unclear exactly how Threat Modeling fits into the development process (agile or waterfall, etc.) and how a threat model is to be incorporated into the existing development process.

But it is much more important to consider what a hacker can achieve with his attack: If a hacker attack occurs, not only will you lose valuable customer and/or company data (e.g. sensitive data such as names, credit card numbers, etc.), but your company’s reputation can also sustain lasting damage and trust in your software applications will be lost. Apart from this, there are substantial penalties for a violation of the General Data Protection Regulation: They are currently in the millions. And in the case of security in the company, it is like testing – the later the gap is found, the more expensive it will become for you.

Be one step ahead of the hacker and don’t give him any opportunity to steal your data any more!

What can help you with this? With Threat Modeling (threat analysis), not only are vulnerabilities in your process discovered, but you will be able to eliminate security deficiencies directly and quickly, and at the same time have proof of how secure your applications or systems are. Integrate Threat Modeling in your software development life cycle (SDLC) from the beginning and optimize your entire security concept.

What is Threat Modeling exactly and how can it help you? We will be happy to help you incorporate the matter of security in the software development process from the beginning with the aid of Threat Modeling. We will give you an overview of the process and show you the advantages as well.

The Advantages of Using Threat Modeling

Security is always a solution

Wherever sensitive data worth protecting is stored or processed, it should also be adequately protected. Precisely in times of digitization, when cyber attacks are constantly increasing, data is a valuable asset that every company should handle with care. You can achieve this with a threat detection process like Threat Modeling, which can detect vulnerabilities in your software or process, and eliminate them at the same time. Take the first step together with us and be amazed at how easily you can take into account the security aspect of your applications. Security first or security by design is always worthwhile!

With Threat Modeling, you’re on the safe side

You’re right in the middle of development and it happens again: A hacker has cracked your system and stolen important information. Now you have to explain to your immediate superior (your CTO, IT manager, or managing director) how this happened and your team is undecided about how to improve the process. Instead of remaining angry, take action now. Put your skepticism about previously unknown methods aside. We are sure that it does you more harm than good to continue to put off security aspects in applications and systems!

Precisely because applications and systems are becoming increasingly complex and have short delivery cycles (continuous delivery), and because data is an asset to be protected, you should play it safe with your agile software development: With the help of Threat Modeling, you will develop concrete and testable requirements for security that can be implemented in the same way as business user stories. From the very beginning, you can integrate security in your software development process (“shift-left security”) and thus reduce the danger of hacker attacks. In addition, continuous delivery processes can also be modeled and vulnerabilities detected in them. We go even further: You can go into production without any known security risks and the expense of a penetration test will be reduced considerably. Not only will you make existing processes more secure, you will also simplify them. The earlier the vulnerabilities are detected, the cheaper it becomes for you. In addition, the German Federal Office for Information Security (BSI) recommends running Threat Modeling in its basic protection for web applications. Compliance with this BSI basic protection standard can help companies receive an ISO 27001 certification. Novatec also received this certification in 2020, and can thus ensure that information is processed and stored securely. Precisely in times of digitization and the networking of devices over the Internet, information security is becoming increasingly important.

From now on, you can incorporate Threat Modeling in each sprint and will be able to develop it (further) pragmatically and practically in an agile environment with each sprint. For example, a visual display with greater transparency will show you how secure your application or system is. You will detect potential attacks for your software application early on and will be able to implement requirements that include countermeasures to minimize them directly (mitigation). You’ll see: With Threat Modeling, the security awareness of all team members will increase and security will be taken into account from the beginning. Even more importantly: In the long term, your developers will be more productive and your projects will be implemented more efficiently, because there will be no unforeseen security requirements.

Threat Modeling is the right process for you to protect your company from hacker attacks!

We develop your optimal Threat Modeling process together

Our agile security experts will help you implement Threat Modeling. With us you will find out which area you should optimize in terms of security. We’ll provide in-depth understanding of how to use Threat Modeling to integrate security in the software development process as early as possible. You will always have a partner that you can contact with any question on the matter of security.

Institutions like the OWASP Foundation are working hard to improve the security of software. After our briefing, the developers and the PO will know how useful the OWASP tips are, will know the OWASP Top 10, and will learn how to protect your own application from such attacks.

We know many different methods and procedures that can help you eliminate your security gaps. We will discuss them with you in detail. First we want to give you some insight into how Threat Modeling works, and have a use case ready to give you a better understanding.

How Threat Modeling Works

Is it really more work for the team to carry out security activities? Is it complicated to integrate security requirements in the development process? We say “no” and will give you a clear example that shows that it pays off to think seriously about security and to include long-term security aspects in your agile projects.

Example of Threat Modeling in a finance tracker web app

You have several accounts at different financial institutions and therefore do not have a comprehensive overview of your finances. A company decides to develop a finance tracker web app. For this purpose, the web app stores your user names together with the login details for the bank accounts in a database. The finance tracker web app is hosted in an external cloud.

Our fictitious person, Maxi Mustermann (user), becomes aware of this finance tracker web app. In order to use the application, she has to register with a user name and a password. Here she asks herself whether her data is really stored securely.

What attacks are possible and how can the company protect itself from them? The company is aware of this risk and wants to ensure that its application is protected from attackers. The goal: Unauthorized persons must not be able to see Maxi Mustermann’s data, or worse yet, transfer money from her account to a third party.

How do we, as Novatec, proceed in such a case?

First, the processes and use cases are recorded: In order to use the application, Maxi Mustermann logs in to the finance tracker web app with user name and password. Here, the user name and password must be checked for correctness.

Use case: Login to finance tracker web app.
Source: Novatec internal

Next, the Threat Modeling process determines whether there are any potential threats, in order to protect Maxi Mustermann’s login details. An initial component of the process is the creation of a data flow diagram based on the existing architecture. Maxi Mustermann wants to log in to the finance tracker web app as a user. Now the login service checks whether the user is even authorized to log in. The login service was implemented independently and does not follow any standards. To verify the login by Maxi Mustermann, the login service compares the data entered with that stored in the user database. Trust boundaries indicate the basis of trust between the individual components. Each component has a different basis of trust. By default, at the beginning we do not trust any user that tries to log in to the finance tracker web app.

Data flow diagram with trust boundaries.
Source: Novatec internal

In the second step, the Threat Modeling process uses the STRIDE method to find potential threats. STRIDE is an acronym in which each letter stands for a threat category:

  • Spoofing identity: The attacker uses a false identity and can thus access or request confidential data.
  • Tampering with data: The attacker tampers with (persistent) data without authorization.
  • Repudiation: A user disputes having performed an action, and the contrary cannot be proven.
  • Information disclosure: The attacker accesses confidential data. This could be files, persistent data from databases, information about the IT structure, or error messages.
  • Denial of service: The aim of the attacker is to use up all the resources of the server (computing time, storage capacity, etc.) and thus to inhibit the availability of the services offered.
  • Elevation of privilege: An unauthorized user obtains privileged access and thus has sufficient access rights to compromise or destroy the entire system.

These categories are now applied to the individual data flows. This way, it can quickly be detected whether an attacker would be able to read or even tamper with the HTTP connection when logging in. In the same manner as with this first detected threat, the Threat Modeling process discovers additional vulnerabilities and risks, and countermeasures are worked out from them.

We recommend that you use HTTPS instead of HTTP and that you rely on current standards such as OpenID Connect, or at least use common libraries such as Spring Security for logging in.
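The step of applying the STRIDE categories to each data flow can be sketched in code. The following is an added example, not Novatec's tooling: the trust zone names, the flow attributes and the simplified rule set are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Flow:
    name: str
    src_zone: str        # trust zone of the sending component
    dst_zone: str        # trust zone of the receiving component
    encrypted: bool      # transport protects confidentiality and integrity
    peer_verified: bool  # sender can verify who it is talking to
    audited: bool        # the action is recorded with user and time
    throttled: bool      # request rate per client is limited

    @property
    def crosses_boundary(self) -> bool:
        return self.src_zone != self.dst_zone

# (category, only across a trust boundary?, "threat is open" test, countermeasure)
# Simplified rule set assumed for this example. Elevation of privilege is left
# out because it is assessed on processes, not on data flows.
RULES = [
    ("Spoofing", True, lambda f: not f.peer_verified,
     "Verify the server certificate (HTTPS)"),
    ("Tampering", True, lambda f: not f.encrypted, "Use HTTPS instead of HTTP"),
    ("Repudiation", False, lambda f: not f.audited,
     "Record the action in an audit log"),
    ("Information disclosure", True, lambda f: not f.encrypted,
     "Use HTTPS instead of HTTP"),
    ("Denial of service", True, lambda f: not f.throttled,
     "Limit login attempts per client"),
]

def open_threats(flow):
    """Return [(category, countermeasure)] for every rule the flow violates."""
    return [(cat, fix) for cat, boundary_only, is_open, fix in RULES
            if (flow.crosses_boundary or not boundary_only) and is_open(flow)]

# Constructed flows for the login use case; zone names are assumptions.
LOGIN_HTTP = Flow("User -> login service over HTTP (user name, password)",
                  "internet", "cloud-app", encrypted=False,
                  peer_verified=False, audited=False, throttled=False)
DB_LOOKUP = Flow("Login service -> user database (credential check)",
                 "cloud-app", "database", encrypted=True,
                 peer_verified=True, audited=True, throttled=True)
# The same login flow after switching to HTTPS, which both encrypts the
# connection and lets the browser verify the server certificate.
LOGIN_HTTPS = replace(LOGIN_HTTP, name="User -> login service over HTTPS",
                      encrypted=True, peer_verified=True)

if __name__ == "__main__":
    for flow in (LOGIN_HTTP, DB_LOOKUP, LOGIN_HTTPS):
        print(flow.name)
        for cat, fix in open_threats(flow) or [("no open threat", "-")]:
            print(f"  {cat}: {fix}")
```

Switching the login flow to HTTPS closes three of the five findings; the remaining two become the next requirements for the backlog.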

Attack tree.
Source: Novatec internal

After the Threat Modeling process has been carried out, especially critical possibilities for attack are explained by so-called attack trees. Attack trees first determine the target of an attack, represented by the tree root. Next, possible intermediate targets are determined from this attack target. This takes us to the threat, which we can eliminate.

What does the attack target look like in our example mentioned above? An attacker wants to access the login details of Maxi Mustermann. Possible attacks on the finance tracker web app are modeled as two example attack trees: a “Man-In-The-Middle” tree and a “Brute-Force” tree.
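An attack tree like the one described can be evaluated mechanically. This added example (not Novatec's model) builds a small constructed tree for the two branches named above; the leaf wording and countermeasure names are assumptions. It goes one step beyond the text by computing the minimal sets of countermeasures that block the root target.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    label: str
    gate: str = "LEAF"                    # "OR", "AND" or "LEAF"
    children: list = field(default_factory=list)
    blocked_by: frozenset = frozenset()   # countermeasures that close a leaf

def reachable(node, implemented):
    """True if the attacker can still reach this node's target."""
    if node.gate == "LEAF":
        return not (node.blocked_by & implemented)
    hits = [reachable(child, implemented) for child in node.children]
    return all(hits) if node.gate == "AND" else any(hits)

def cut_sets(node):
    """Minimal sets of countermeasures, each sufficient to block the node."""
    if node.gate == "LEAF":
        return [frozenset({m}) for m in sorted(node.blocked_by)]
    per_child = [cut_sets(child) for child in node.children]
    if node.gate == "AND":                # closing any one step breaks the chain
        found = {s for sets in per_child for s in sets}
    else:                                 # OR: every alternative must be closed
        found = {frozenset().union(*combo) for combo in product(*per_child)}
    # keep only minimal sets (drop any set that contains a smaller one)
    return sorted((s for s in found if not any(o < s for o in found)),
                  key=lambda s: (len(s), sorted(s)))

def open_branches(root, implemented):
    """Labels of the root's direct sub-targets that remain reachable."""
    return [c.label for c in root.children if reachable(c, implemented)]

# Constructed tree for the finance tracker login; leaf wording and the
# countermeasure names are assumptions for this example.
TREE = Node("Access Maxi Mustermann's login details", "OR", [
    Node("Man-In-The-Middle", "AND", [
        Node("Attacker sits on the network path to the web app"),
        Node("Login data travels over plain HTTP",
             blocked_by=frozenset({"https"})),
    ]),
    Node("Brute-Force", "AND", [
        Node("Login service accepts unlimited attempts",
             blocked_by=frozenset({"rate-limit", "account-lockout"})),
        Node("Password is short or common",
             blocked_by=frozenset({"password-policy"})),
    ]),
])

if __name__ == "__main__":
    for done in (set(), {"https"}, {"https", "rate-limit"}):
        print(sorted(done), "->", open_branches(TREE, done) or "root blocked")
    print("minimal countermeasure sets:", [sorted(s) for s in cut_sets(TREE)])
```

HTTPS alone closes only the Man-In-The-Middle branch; the root target stays reachable until one Brute-Force step is closed as well.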

In the Threat Modeling process, all the stakeholders put themselves in the place of the attacker in order to identify many threat scenarios as quickly as possible. This is precisely where we can help you!

Our Threat Modeling Services

Close your security gaps with Threat Modeling

Start now to incorporate security in your development from the beginning and don’t try to “test it in” afterwards. You will be doing yourself and your development team a favor. Threat Modeling helps you close your security gaps in the long term and denies hackers the opportunity to steal important data from you. We show you how to integrate the process easily and comprehensibly in your development process!

Make your applications more secure step by step

Make the work of your developers easier and guarantee your customers the security of your data! From the inventory to status assessment, from the determination of requirements and security gaps, to the entire implementation – with the Threat Modeling process, we can make you fit in matters of security, one step at a time.

In a training session or workshop, we discuss with you which individual support you need in order to introduce Threat Modeling. This way, together we will find out quickly whether you need help in the implementation or whether we can be of assistance in the form of project-accompanying coaching.

To what extent is architecture documentation available and which stakeholders in your company have to be persuaded? Here as well, we will assist you in an advisory capacity from the beginning.

After our preliminary meeting, you will know not only what Threat Modeling is, but also what it can do and what advantages it holds for you. Don’t take any product “off the shelf”, but let us advise you individually and see for yourself what improves for you. Because your goal is our goal – for more security in your projects and a smooth software development process!

Where do you have threats and security gaps? In an interview or workshop, we work out an as-is analysis with you. Together we consider what to do to make your applications secure. Building on this, we will create a suitable threat model for you: We will show you a visual presentation of the process or architecture in order to give all your stakeholders a common understanding of security and Threat Modeling.

Here you may even receive a brief architecture review – depending on what we discover in the inventory. Apart from the matter of security, maybe we will find deficiencies in the architecture that can be corrected easily and quickly.

What do you want to achieve in the end? Together with you, we will establish your security goals in an interview or workshop.

Here you will receive an overview of which assets worth protecting, such as customer or company data, are critical for your company, and what the effects would be for you if they are threatened (e.g. stolen, published, or deleted).

In a workshop with the entire development team, we look for potential threats in your applications: Here we use the Threat Modeling methods STRIDE or attack trees, which are easy to use and are also suitable for individuals who are not yet familiar with security.

From here we will create a list of specific threats that put your system at risk.

Based on the created list of threats, we identify your vulnerabilities in the system. Here we ask the question: Where are your systems and applications already secure and where do you still have open security gaps?

In a workshop, we work out a target/actual comparison in order to eliminate the risks and threats specifically and promptly, and deny the attacker another opportunity.

Together with you, we not only determine your risks and threats, but also arrange them in a priority list for the assets worth protecting.

Here you establish which measures are to be taken first and never lose the overview. To determine the risks, existing methods of institutions such as the National Institute of Standards and Technology (NIST) can be used.

Which suitable countermeasures do we initiate to eliminate threats as quickly as possible, and when?

In this phase we have identified and prioritized the security gaps. Now we can create an exact schedule for when such countermeasures are to be implemented and how we can support you. Here we determine whether we are to help you in the implementation, or if we should perform the review of the implementation, which steps are to come in the next sprint, or which requirements are to be included in the sprint after the next – you set the pace!

In addition, we offer you the following workshops:

  • To make the typical OWASP Top 10 problems in your application transparent, we offer a Threat Modeling workshop with the entire developer team.
  • Just want to learn about different Threat Modeling options? We’ll support you with a workshop.
  • How does Threat Modeling fit into the sprint? We’ll demonstrate it for you in a workshop, or we’ll also be happy to coach your team (e.g. advice for the product owner or pairing with developers).

Incorporate security into your software development process

Put an end to prejudices and long discussions about how and when to optimally incorporate security into your software development process. With Threat Modeling, this problem is solved: You protect important data reliably and introduce application security to your sprints in an agile environment. This makes your applications transparent and secure from the beginning. We develop the threat model individually with you for your processes. Or do you want to make experts of your developers? This method can increase security awareness in all team members. We will gladly coach you during the implementation. If you want to know how to integrate security from the beginning in the field of IoT, you can learn more here.

Whatever you need to make your applications more secure – we are your agile security specialists!

Your contact


Christina Ott

Senior Consultant