Claire Allen-Addy
|
Head of Product Marketing
January 7, 2025

The SDLC and threat modeling

What is the SDLC?

SDLC stands for Software Development Lifecycle, as you probably know. But what actually is it, what does it include, who is involved within the SDLC, and at what point can you introduce threat modeling? This blog aims to answer these questions, while sharing the activities that happen in each stage, including how threat modeling fits in and which teams can benefit.

We will also cover common challenges in enterprise organizations, and how these can be overcome. It does not aim to be a catch-all for any possible scenario, and so some activities or teams may be missed from the below. The purpose is to give an idea of varying activities and how threat modeling augments these stages. 

Most people have seen an image like the one opposite at some point in relation to the software development lifecycle. What it symbolizes is a continuous loop of activity and refinement. After all, security is never a ‘one and done’ activity, but an evolving and iterative effort. Threat modeling is no different. 

Common challenges and activities 

Plan

The Teams: Engineering and Security Teams

Common Challenges: Scope creep can occur here if requirements and foundations are not properly defined and agreed. There is a risk of a lack of clear objectives, and poor communication which can lead to misalignment between stakeholders and a misunderstanding of the objectives or required outcomes.

Desired Outcomes: Gathering the requirements and analyzing initial findings to define a clear plan for the project’s success. 

Activities Involved: Feasibility and risk assessments, scope and objective definitions, budgeting and resource allocation for the project. 

How Threat Modeling Helps: If you threat model at the inception of a product, this will help to inform the overall project plan. In addition, if you are refining a product which already exists, then your threat modeling findings can contribute to effective planning decisions and increase your velocity. 

Build 

The Teams: Engineering Teams

Common Challenges: Tight deadlines and conflicting priorities make development work hard, whether it is building a new application, or debugging an existing system. Couple this with poorly defined requirements and a large number of tools or integrations in the build environment, and suddenly the pace and reliability of build is compromised.  

Desired Outcomes: Creation of secure software - which is secure by design with high code quality - and ultimately passes QA testing. 

Activities Involved: Writing, iterating and reviewing code, unit testing, code and peer reviews, automation testing, and possible performance improvements. 

How Threat Modeling Helps: It enables dev teams to build secure software right from the get go, before code is even written, meaning they can have greater trust and security in what is being created, iterated, or tested.

Integrate

The Teams: DevOps, QA Team, Security Team - plus possible others 

Common Challenges: Non-uniform interfaces can make integration difficult. Differing data formats, protocols and APIs can all result in challenges when combining various modules into an end product. As there can be many teams involved at certain points of the Integration phase, miscommunication, lack of documentation or unclear responsibilities can hinder this process, which can in turn create bottlenecks and missed security issues.

Desired Outcomes: A fully integrated system or product that meets all requirements whether they are security-focused, functional or performance-related. 

Activities Involved: Security testing and optimization, stakeholder reviews, integration validations and testing, plus configuration management.  

How Threat Modeling Helps: Additional security risks can be introduced during the integration phase, due to many components and modules interacting or coming together. Threat modeling allows for threats and vulnerabilities to be identified at this point, meaning the system being worked on continues to be as secure as possible. 

Deploy & Operate

The Teams: DevSecOps Teams, QA and Testing Teams

Common Challenges: Failed deployments, unexpected behaviors after deployment, service disruptions such as rollbacks or downtime, as well as scalability and performance issues. There could be discrepancies between environments or third party integrations too.

Desired Outcomes: A stable, secure, and fully functional system that meets user expectations and operates efficiently in the production environment. 

Activities Involved: Deploying software into a live environment, validating the production environment, addressing operational requirements or needs, monitoring performance, managing security, and collating user feedback. 

How Threat Modeling Helps: Threat modeling should not only identify any security risks in the production environment, but also recommend strategies against attack vectors, while guiding the activities involved in implementing any incident response plans.

Continuous Feedback

The Teams: DevOps, Design, Development, and Analytical Teams 

Common Challenges: Data overload is possible, as there are a lot of data points to review and iterate on during this stage, which can be overwhelming across teams. In addition, there is a reliance on gaining feedback and data in an accurate and timely way; inaccuracies in user or system feedback can cause delays. Finally, even with the most secure code, systems will naturally accumulate technical debt over time.

Desired Outcomes: High code quality to reduce that technical debt, faster iteration and improved system reliability. All of which result in satisfied end users.

Activities Involved: Ongoing product improvements, reviews of various data such as user feedback, logging and error reporting, as well as performance monitoring and other analysis to drive ongoing improvements and retain a high quality product.  

How Threat Modeling Helps: Threat modeling provides focus and prioritization to continuous activities. It can re-assess each iteration of a system to see whether new vulnerabilities have been introduced and, if so, how to mitigate them. Essentially, threat modeling provides a continuous feedback loop that allows remediation to happen faster and more effectively, all while creating the most robust system possible.

Conclusion

There are a lot of moving parts within the SDLC, with many potential points of failure - as well as potential learnings of course. By adding threat modeling into stages of the lifecycle, teams can work on more focused activities, streamline processes and increase their overall security. Get started with automated threat modeling for free, by using Community Edition and creating up to three free threat models.