
Accelerate your threat modeling with GenAI
This blog explores using Amazon Bedrock to automatically analyse threats of your applications, with proposed remediations to accelerate your application threat modeling process.
For those audiences who want to implement the solution right away to experiment automatic threat modeling baseline, visit this Github repo: https://github.com/build-on-aws/threat-model-accelerator-with-genai
Here's a quick video to show the Web App implementation process, and how does the GUI look like:
- Risk identification: It lets you spot risks before they become real problems. You can't fix what you can't see, so threat modeling gives you that visibility.
- Prioritization of security efforts: With limited resources, it helps you prioritize the biggest threats first. You can't boil the ocean, so focus on the vital areas.
- Secure system design: Baking security in from the start is way easier than trying to bolt it on later. Threat modeling guides secure design principles.
- Compliance and regulatory requirements: Many industries require threat modeling to prove you're taking security seriously.
- Continuous improvement: Threats keep evolving, so your defences need to evolve too. Regularly revisiting threat models keeps you ahead of the curve.
- Incident response and risk management: In case a breach happens, good threat models provide a baseline for containment and recovery. They're invaluable for incident response.
- Strong analysis capability on text based file: In this solution, we are not starting from scratch but to use existing template files (e.g. json or yaml files of CloudFormation, Terraform templates, or even OpenAPI template files) that describe the application architecture and relevant security settings (e.g. security groups of EC2, IAM permission definitions, ...). This aligns with GenAI’s native strength backed by large language models.
- Automatic threats discovery: GenAI is capable to identify common security threat patterns from the application template files, which accelerates threat discovery, as well as remediation recommendations. With Amazon Bedrock, you can receive an automatically generated threat model in seconds once you’ve set up this solution.
- Customization with your data: You are able to customize the system prompt of the solution, or even consider to build additional RAG (Retrival-Augmented Generation) based on the solution to utilise existing threat modeling documentations within your organization to allow GenAI to generate a more precise and relevant threat models for your applications.
- [1] User launches the Streamlit web app
- [2] User uploads an application template file to the web app
- [3] Web app interacts with Amazon Bedrock to automatically generate a threat model based on the application template
- [4] Web App presents a stats of the threat model that aligns with the STRIDE model, with relevant remediations to mitigate those threats. User can also download the threat model data into a json file.
https://github.com/build-on-aws/threat-model-accelerator-with-genai
You need to use the AWS API access keys (e.g. ‘aws_access_key_id’ and ‘aws_secret_access_key’) from an IAM user with sufficient permissions to interact with Amazon Bedrock service. (You will also need ‘aws_session_token’ if you are using an IAM role rather than an IAM user).
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.