Online Dating Security + 🇩🇪 TMC DACH Threat Modeling Feierabend

Events
2

:us: :uk: English? Ahead! :de: Deutsch? Lies hier.

:one: :thunder_cloud_and_rain: :umbrella: :de: :austria: :switzerland: First collaborative Threat Modeling of TMC DACH!

17 Participants threat modeled Online Dating
17 Participants threat modeled Online Dating1536×697 67.5 KB

On Tuesday, 22.04.2025, 17 threat modeling enthusiasts met for the 1st Threat Modeling Feierabend (after work) of the German-speaking TMC chapter for the DACH region. There were participants from a wide range of backgrounds: Beginners, people with little experience and professionals. What they all had in common was that Threat Modeling was close to their hearts. :heart:

The aim of the “Threat Modeling Feierabend” format is to subject a simple system to threat modeling in a relaxed atmosphere. In doing so, a :hammer_and_pick: Threat modeling method meets a :computer: topic.

Since both are easily accessible, even people without threat modeling experience can jump right in.

It quickly became clear that hearts played a role: :heart_with_arrow::broken_heart: The threat analysis system was an online dating platform like Tinder or Grindr!

:hammer_and_pick: Methods of the evening - :airplane_departure: :arrow_forward: ready to go in less than 30 minutes

What we didn’t want to do was spend an entire evening debating how we actually want to threat-model. Instead, we let ourselves be challenged by Chris Romeo’s @edgeroute rule:

“It is not allowed to talk about Threat Modeling for more than 30 minutes until people have to threat model”

Chris Romeo's Rule
Chris Romeo's Rule1920×1200 133 KB

The methods of the evening, selected and presented by Hendrik Ewerlin @hewerlin :
(All the :de: German slides: Threat Modeling Feierabend - Online Dating im Tinder-Stil)

  • 4 Question Framework by Adam Shostack @adamshostack
  • ThreatPad Online Editor for :thunder_cloud_and_rain: threats and :umbrella: mitigations - see also Meet ThreatPad and ThreatPad
  • Prepared system model - see below
  • STRIDE
  • Safety
  • NIST Cyber Security Framework

4 Question Framework for Threat Modeling
4 Question Framework for Threat Modeling1920×1200 143 KB

Day at the beach tutorial in ThreatPad
Day at the beach tutorial in ThreatPad1920×1200 205 KB

This is inspired by this post by @AppSecSeanner

The example threat shows someone worried about forgetting swim suit. Suggested mitigations are :wastebasket: buy new :white_check_mark: packing list :star: go to beach where you can swim naked (and, related, safe money so we can afford to buy new)

STRIDE slide about Information Disclosure, with beautiful images from ThoughtWorks
STRIDE slide about Information Disclosure, with beautiful images from ThoughtWorks1920×1200 169 KB

Mitigation strategies from NIST Cyber Security Framework
Mitigation strategies from NIST Cyber Security Framework1920×1200 132 KB

Illustrating the NIST strategies:
:locked: make harder / prevent (as part of protect)
:rescue_worker_s_helmet: reduce harm (as part of protect)
:video_camera: detect
:fire_extinguisher: respond
recover (:star_struck: with super beautiful German word wiedergutmachen: make-good-again)

System model as a start-up aid

The system model was already provided as a starting aid. The advantage: full focus on :thunder_cloud_and_rain: threats and :umbrella: measures. And: Few technical details were required for the threat analysis, although these were also well reflected in the threats later on. Real-life threats were clearly part of the analysis.

The first model shows the process of how two users come into contact on the platform. The individual stages ( #AuthN, #Profile = #Profil, #Location = #Standort, #Discovery = #Erkunden, #Swiping = #Swipen, #Matches, #Chat, #Dating ) structure the threat identification as keywords.

Online Dating flow diagram
Online Dating flow diagram1920×1200 123 KB

The second model sorts the same topics into an architectural view and shows a classic user - client - service - server - database architecture with client distribution via an app store. A few naive threat actors are also introduced and named to offer words for the conversation.

Online Dating platform architecture
Online Dating platform architecture1920×1200 137 KB

:thunder_cloud_and_rain: :umbrella: :smiley: :smiley: :smiley: :smiley: :smiley: :multiply: :three: Collaborative Threat Modeling

Then 3 teams of 5-6 people got together in break-out rooms. They identified :thunder_cloud_and_rain: threats and :umbrella: mitigations. Lilith, Laura and Hendrik moderated the rooms.

Participants saw a screen like this: On the left, the ThreatPad, where :thunder_cloud_and_rain: threats and :umbrella: mitigations were interactively written down from the lively conversation. On the right, a collage of system model and methods. Because ThreatPad is so slim, it takes up little space and leaves enough room for context while sharing the screen. Since only the current threat is shown, the discussion is focused… (well, more or less :wink:)

Screen share: ThreatPad + system model + methods
Screen share: ThreatPad + system model + methods1920×1080 191 KB

All three discussions were lively, bubbly and produced exciting threats and mitigations! We would like to thank all our participants for the great encounter and the stimulating experience and results! :kissing_heart: :pray:

After an initial round, the most important findings and threats were presented in a joint session. Then it was time for the final spurt of countermeasures. It was pointed out once again that these can be quite diverse and are not always just avoidance or mitigation. Timely recognition or correction, making amends, also play a role. We were able to see how system providers can also make their users’ lives safer outside of the software by offering additional functions or information.

:thunder_cloud_and_rain: :umbrella: :checkered_flag: Results

:de: Here is the results als ThreatPad PDF-Export, raw, without post processing :de:

:us: :uk: We have had AI translate our results and were not really satisfied to present you that stuff. Stay tuned, as we will share some more of our insights on the content level… :soon_arrow: (If you can’t wait, you may want process the results yourself.)

The results are particularly impressive considering the limited time: 2x30 minutes. Also bear in mind that people from different backgrounds worked together for the first time.
Impressive! :star2: You guys are awesome!!! :muscle::brain:
Risk assessment, threat ranking or determining the essence was not part of the evening.
:question: What are your findings?

:speech_balloon: Final exchange

In the concluding discussion, Christoph expressed what everyone was thinking: That it is clearly recognizable how valuable it is to look at things together and that this brings up a variety of perspectives! :new: Surprisingly, despite intensive preparation, the organizers were also able to learn a lot of new things.

One very important question came up at the end. This is often asked when teams start out with threat modeling: “What tools do I need?” Ron’s answer: a sheet of paper and a simple list like Excel. Sure, tools for automation and organization help, but a picture of “What are we working on?”, a list of “What can go wrong?” and “What do we want to do about it?” often works wonders. We can start simple and then get better…

:fast_forward: Next event: May 20th :cloud: Threat Modeling the Clouds with OWASP Cumulus and Christoph Niehofff

The evening flew by and we are looking forward to the next one! After our successful founding meeting and the first Threat Modeling Feierabend, you can now look forward to the next event from our chapter! TMC DACH: :cloud: OWASP Cumulus and security games - Threat Modeling Feierabend with Christoph Niehoff, the creator of OWASP Cumulus, on Mai 20th 2025 from 5 pm via Zoom. The event language is German. :de:

3 Likes