Application Security-II
Threat Modeling and Analysis
Lalit Kale

lalitkale@gmail.com
http://lalitkale.wordpress.com
Overview
• Introduction
• Why Threat Modeling?
• Application Decomposition
• Threat Mapping
• Calculating Risks
• Planning Threat Response & Risk Mitigations
• Best Practices in Threat Modeling
• Tools
• Resources
Introduction - Basic Terminology
• Asset: A resource of value, such as the data in a database or on the file system. A system resource.
• Threat: A potential occurrence, malicious or otherwise, that might damage or compromise your assets.
• Vulnerability: A weakness in some aspect or feature of a system that makes a threat possible. Vulnerabilities might exist at the network, host, or application levels.
• Attack (or exploit): An action taken by someone or something that harms an asset. This could be someone following through on a threat or exploiting a vulnerability.
• Countermeasure: A safeguard that addresses a threat and mitigates risk.
What is Threat Modeling?
• A strategic framework for planning the security aspects of an application during the system design phase
• Identify, understand, and mitigate the threats most likely to affect the system
• Can be practiced for new applications as well as existing ones
Why Threat Modeling?
• You cannot build a secure system until you understand the threats to it
• Find security bugs early (including complex bugs)
• Address threats in logical order, according to greatest risk
• Reduce overall risk by mitigating the important threats
• How do you know when an application is “secure enough”?
Why Threat Modeling?
• Helps you better understand your application
• Justifies security features by relating each one to an identified threat
• Clearly documents assumptions and/or consequences
• Testers can specifically test against known threats
• Helps prevent duplication of security efforts
Threat Modeling in Microsoft SDL
(diagram)
Types of Threat Modeling
• Attacker Centric
  • Starts with an attacker and evaluates the attacker’s goals and how they might be achieved
• Software Centric
  • Starts from the design of the system and attempts to step through a model of the system, looking for types of attacks against each element of the model
• Asset Centric
  • Starts from the assets entrusted to a system, such as a collection of sensitive personal information
Threat Modeling Phases
1. Application Decomposition
2. Threat Mapping
3. Threat / Risk Rating
4. Threat Response & Mitigations
Application Decomposition
• Use modelling diagrams for a visual representation of how the subsystems operate and work together
• For instance, DFDs and Use Cases are useful
• The type of diagram is not important, but it should focus on data and how it flows through the system
• But don’t go too deep - 2 or 3 levels is enough
Application Decomposition
1. Define scope
2. Create an architecture overview
3. Function
4. Logical architecture
5. Physical deployment
6. Technologies
7. Identify assets
8. Mark trust boundaries
9. Identify data flows, entry points, and assumptions
10. Make note of privileged code
Identifying Threats
• Use structured methods to identify threats
• Analyse each aspect of the architecture/design
• Ask questions with regard to attacker goals
  • Can the user’s identity be spoofed?
  • Can data be accessed without authorization?
  • Can the system be easily blocked?
  • …
• Compare the application to common threats
  • Are Cross-Site Scripting (XSS) attacks relevant?
  • Is canonicalization an issue?
  • Can user sessions be hijacked?
  • …
Identifying Threats
• To identify threats or goals, ask the following questions:
  • How can the adversary use or manipulate the asset to modify or control the system?
  • Retrieve information within the system?
  • Manipulate information within the system?
  • Cause the system to fail or become unusable?
  • Gain additional rights?
• Can the adversary access the asset
  • Without being audited?
  • And skip any access control checks?
  • And appear to be another user?
STRIDE Model
• A common model for classifying attacker goals is the STRIDE model:
  • Spoofing – Posing as another user, component, or external system that should be identified by the system
  • Tampering – Unauthorized modification of data
  • Repudiation – Denying having performed an action, without the system being able to prove otherwise
  • Information Disclosure – Exposure of protected data to an unauthorized user
  • Denial of Service – Preventing valid users from accessing the system
  • Elevation of Privilege – A lower-privileged user gaining privileged access
Threat Tree
• A method to explore valid attack paths
• Represents the conditions needed to exploit the threat
• Determines all the combined vulnerabilities associated with a threat
• Focus on mitigating the vulnerabilities that form the “path of least resistance”
Documenting Threats
• Each threat should be documented with:
  1. Title
  2. Target component
  3. Vulnerability categorization(s) (e.g. STRIDE)
  4. Attack techniques (e.g. threat tree)
  5. Risk
  6. Mitigation
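An added example (not from the slides) that walks a decomposed model through the threat mapping steps above: elements placed in trust zones, data flows that cross a trust boundary, and a STRIDE pass over each element that emits one record per threat using the six documentation fields. The element types, the STRIDE-per-element table, the zone names and the sample model are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# STRIDE letters that apply to each element type. This is the usual
# STRIDE-per-element convention; an assumption here, not something the slides state.
STRIDE_PER_ELEMENT: Dict[str, str] = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

STRIDE_NAMES: Dict[str, str] = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}


@dataclass
class Element:
    """One node or flow of the decomposed application (decomposition steps 7-10)."""
    name: str
    kind: str                         # a key of STRIDE_PER_ELEMENT
    trust_zone: Optional[str] = None  # "internet", "dmz", "internal", ... (trust boundaries)
    asset: Optional[str] = None       # asset held or handled by this element
    privileged: bool = False          # marks privileged code
    src: Optional[str] = None         # data flows only: source element name
    dst: Optional[str] = None         # data flows only: destination element name


@dataclass
class ThreatRecord:
    """The six fields of the threat documentation template."""
    title: str
    target_component: str
    categorization: str
    attack_techniques: str
    risk: str = "not yet rated"
    mitigation: str = "not yet decided"


def crosses_trust_boundary(flow: Element, by_name: Dict[str, Element]) -> bool:
    """A data flow crosses a trust boundary when its endpoints sit in different zones."""
    return by_name[flow.src].trust_zone != by_name[flow.dst].trust_zone


def enumerate_threats(model: List[Element], boundary_flows_only: bool = True) -> List[ThreatRecord]:
    """Apply the STRIDE-per-element table to every element and emit one record per threat."""
    by_name = {e.name: e for e in model}
    records: List[ThreatRecord] = []
    for e in model:
        if e.kind == "data_flow" and boundary_flows_only and not crosses_trust_boundary(e, by_name):
            continue  # flows that stay inside one trust zone are usually left out of scope
        for letter in STRIDE_PER_ELEMENT[e.kind]:
            note = "to be expanded with a threat tree"
            if e.asset:
                note += f"; asset at stake: {e.asset}"
            if e.privileged and letter == "E":
                note += "; element runs privileged code"
            records.append(ThreatRecord(
                title=f"{STRIDE_NAMES[letter]} of {e.name}",
                target_component=e.name,
                categorization=f"STRIDE:{letter}",
                attack_techniques=note,
            ))
    return records


def count_by_category(records: List[ThreatRecord]) -> Dict[str, int]:
    """How many threats fall under each STRIDE letter, for a quick coverage check."""
    counts: Dict[str, int] = {}
    for r in records:
        counts[r.categorization] = counts.get(r.categorization, 0) + 1
    return counts


# Constructed sample model: a browser on the internet talks to a web app in the DMZ,
# which reads a session cache beside it and queries a database in the internal zone.
SAMPLE_MODEL: List[Element] = [
    Element("Browser", "external_entity", "internet"),
    Element("Web App", "process", "dmz", privileged=True),
    Element("Session Cache", "data_store", "dmz", asset="session tokens"),
    Element("Database", "data_store", "internal", asset="customer records"),
    Element("login request", "data_flow", src="Browser", dst="Web App"),
    Element("session lookup", "data_flow", src="Web App", dst="Session Cache"),
    Element("SQL query", "data_flow", src="Web App", dst="Database"),
]

if __name__ == "__main__":
    for r in enumerate_threats(SAMPLE_MODEL):
        print(f"[{r.categorization}] {r.title}: {r.attack_techniques}")
```

The session lookup flow stays inside the DMZ and is skipped by default; pass boundary_flows_only=False to include in-zone flows as well.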
Calculating Risks: RPD Model
• How do I measure risk?
  • Use a structured methodology
  • Predefine general values to avoid confusion
  • Record the calculated risk
• Simple formula:
  • Risk = Probability * Damage Potential
  • Define the expected damage for each value
  • Divide the scale into three bands: High, Medium, Low
  • Simple, yet lacking dimension
  • Not always easy to agree…
Calculating Risks: DREAD Model
• Another method for determining risk is the DREAD model:
  • Damage potential – How great is the damage if the vulnerability is exploited?
  • Reproducibility – How easy is it to reproduce the attack?
  • Exploitability – How easy is it to launch an attack?
  • Affected users – As a rough percentage, how many users are affected?
  • Discoverability – How easy is it to find the vulnerability?
• Risk = Min(D, (D+R+E+A+D) / 5)
• Agree beforehand on the values of each factor
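An added example (not from the slides) implementing both rating formulas from the two Calculating Risks slides, the RPD product and the DREAD Min(D, average) rule, with predefined scales so the team rates on agreed values and a spread check for the "not always easy to agree" case. The 1..3 and 1..10 scales, the band cut-offs and the sample ratings are assumptions made for illustration.

```python
from dataclasses import dataclass, fields
from typing import Dict, List, Tuple

# --- RPD: Risk = Probability * Damage Potential -------------------------------
# Predefined values for each factor (the slides say to predefine them to avoid
# confusion; the 1..3 scale used here is an assumption).
PROBABILITY = {"low": 1, "medium": 2, "high": 3}
DAMAGE_POTENTIAL = {"low": 1, "medium": 2, "high": 3}


def rpd_risk(probability: str, damage_potential: str) -> int:
    """Risk = Probability * Damage Potential, giving a score from 1 to 9."""
    return PROBABILITY[probability] * DAMAGE_POTENTIAL[damage_potential]


def rpd_band(score: int) -> str:
    """Split the 1..9 scale into the three bands from the slide (cut-offs assumed)."""
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


# --- DREAD: Risk = Min(D, (D+R+E+A+D) / 5) ------------------------------------
@dataclass(frozen=True)
class Dread:
    """Each factor rated 1..10 (scale assumed); the meaning of each value is agreed beforehand."""
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self) -> None:
        for f in fields(self):
            v = getattr(self, f.name)
            if not 1 <= v <= 10:
                raise ValueError(f"{f.name} must be 1..10, got {v}")


def dread_risk(d: Dread) -> float:
    """Risk = Min(D, (D+R+E+A+D) / 5): the factor average can never exceed the damage."""
    average = (d.damage + d.reproducibility + d.exploitability
               + d.affected_users + d.discoverability) / 5
    return min(d.damage, average)


def dread_band(score: float) -> str:
    """Three bands on the 1..10 scale (cut-offs assumed)."""
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def rank_threats(ratings: Dict[str, Dread]) -> List[Tuple[str, float, str]]:
    """Order threats by risk, highest first, so they are addressed in that order."""
    scored = [(title, dread_risk(d), dread_band(dread_risk(d))) for title, d in ratings.items()]
    return sorted(scored, key=lambda row: row[1], reverse=True)


def factor_spread(ratings: List[Dread]) -> Dict[str, int]:
    """Max minus min per factor across several raters: a large spread means the
    team has not yet agreed on what the values mean."""
    return {f.name: max(getattr(r, f.name) for r in ratings) - min(getattr(r, f.name) for r in ratings)
            for f in fields(Dread)}


# Constructed sample ratings for three threats of the kind the slides mention.
SAMPLE_RATINGS: Dict[str, Dread] = {
    "XSS in comment field": Dread(7, 10, 8, 8, 9),
    "Session hijacking over unencrypted cookie": Dread(8, 6, 5, 8, 6),
    "Verbose error page discloses stack trace": Dread(3, 10, 10, 10, 10),
}

if __name__ == "__main__":
    for title, score, band in rank_threats(SAMPLE_RATINGS):
        print(f"{score:4.1f} {band:6} {title}")
```

The verbose-error row shows why the Min(D, ...) term matters: its factor average is 8.6, but with damage rated 3 the risk is capped at 3 and it lands in the Low band.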
Threat Resolution & Risk Mitigation
• Threats can be resolved by:
  • Risk Acceptance - doing nothing
  • Risk Transference - passing the risk to an externality
  • Risk Avoidance - removing the feature/component that causes the risk
  • Risk Mitigation - decreasing the risk
• Mitigation strategies should be examined for each threat
• Mitigations should be chosen according to the appropriate technology
• Resolution should be decided according to the risk level and the cost of mitigations
Best Practices in Threat Modeling
• Use structured & consistent methodologies
• Predefine and agree on risk ratings that work for you
• Include all relevant stakeholders in TM discussions:
  • Security
  • Architecture / Design
  • Coding
  • Testing
• Don’t let TM discussions degenerate into finding solutions before the threats have been fully identified
Best Practices in Threat Modeling
• Don’t model too deep – don’t get carried away in the details
• Document TM results so they can be used later on for:
  • Similar products / systems
  • Next versions
  • Education
• Use common attack libraries / patterns for consistency and additional ideas, e.g. http://www.owasp.org/index.php/Category:Attack
• Always remember – it’s never too late for Threat Modeling!
Threat Modeling Tools
• The Threat Analysis and Modeling Tool (TAM):
  • is an asset-focused tool designed for LOB (line-of-business) applications.
  • It is used for applications for which the business objectives, deployment pattern, data assets and access control are clearly defined.
  • The focus of the tool is to understand the business risk in the application, help identify the controls needed to manage that risk, and protect the assets.
Threat Modeling Tools
• The SDL Threat Modeling Tool:
  • is a software-focused tool designed for rich client/server application development (for example, Windows and SQL Server, among others)
  • The tool assumes the final deployment pattern of the product is unknown (that is, whether it will be used to manage business-critical applications handling customer credit cards or not), so the focus of the tool is to ensure the security of the software’s underlying code.
Summary
Application Decomposition
• Define scope
• Create an architecture overview
• Function
• Logical architecture
• Physical deployment
• Technologies
• Identify assets
• Mark trust boundaries
• Identify data flows, entry points, and assumptions
• Make note of privileged code

Threat Mapping
• Identify threats
• Use the STRIDE model
• Create a threat tree
• Document each threat

Calculate Risks
• Use Risk = Probability * Damage Potential
• Use Risk = Min(D, (D+R+E+A+D) / 5)

Threat Resolution and Risk Mitigation
• Risk Acceptance - doing nothing
• Risk Transference - pass the risk to an externality
• Risk Avoidance - removing the feature/component that causes the risk
• Risk Mitigation - decrease the risk
• Mitigation strategies should be examined for each threat
• Mitigations should be chosen according to the appropriate technology
• Resolution should be decided according to risk level and cost of mitigations
Resources
• OWASP (Open Web Application Security Project): https://www.owasp.org
• Microsoft Security: http://www.microsoft.com/security and http://www.Microsoft.com/sdl
• Wikipedia: http://en.wikipedia.org/wiki/Threat_model
Lalit Kale
lalitkale@gmail.com
http://lalitkale.wordpress.com

This presentation is shared under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license. More information for this license is available at http://creativecommons.org/licenses/by-nc-sa/4.0/
All trademarks are the property of their respective owners. Lalit Kale makes no warranties, express, implied or statutory, as to the information in this presentation.

TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Dernier (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

Threat Modeling And Analysis (slide transcript)

1. Application Security-II: Threat Modeling and Analysis
Lalit Kale, lalitkale@gmail.com, http://lalitkale.wordpress.com

2. Overview
• Introduction
• Why Threat Modeling?
• Application Decomposition
• Threat Mapping
• Calculating Risks
• Planning Threat Response & Risk Mitigations
• Best Practices in Threat Modeling
• Tools
• Resources

3. Introduction: Basic Terminology
• Asset: A resource of value, such as the data in a database or on the file system. A system resource.
• Threat: A potential occurrence, malicious or otherwise, that might damage or compromise your assets.
• Vulnerability: A weakness in some aspect or feature of a system that makes a threat possible. Vulnerabilities might exist at the network, host, or application levels.
• Attack (or exploit): An action taken by someone or something that harms an asset. This could be someone following through on a threat or exploiting a vulnerability.
• Countermeasure: A safeguard that addresses a threat and mitigates risk.

4. What is Threat Modeling?
• A strategic framework for planning the application security aspect in the system design phase
• Identify, understand, and mitigate the threats most likely to affect the system
• Can be practiced for new applications as well as existing ones

5. Why Threat Modeling?
• You cannot build a secure system until you understand the threats to the system
• Find security bugs early (including complex bugs)
• Address threats in logical order, according to greatest risk
• Reduce overall risk by mitigating important threats
• How do you know when the application is "secure enough"?

6. Why Threat Modeling?
• Helps you better understand your application
• Justification for security features and their relation to identified threats
• Clearly documented assumptions and/or consequences
• Testers can specifically test against known threats
• Helps prevent duplication of security efforts

7. Threat Modeling in Microsoft SDL

8. Types of Threat Modeling
• Attacker Centric: starts with an attack and evaluates the goals and how attackers might achieve them
• Software Centric: starts from the design of the system and attempts to step through a model of the system, looking for types of attacks against each element of the model
• Asset Centric: involves starting from the assets entrusted to a system, such as a collection of sensitive personal information

9. Threat Modeling Phases
• Application Decomposition
• Threat Mapping
• Threat / Risk Rating
• Threat Response & Mitigations
10. Application Decomposition
• Use modelling diagrams for a visual representation of how the subsystems operate and work together
• The type of diagram is not important, but it should focus on data and how it flows through the system
• For instance, DFDs and Use Cases are useful
• But don't go too deep: 2 or 3 levels is enough

11. Application Decomposition
1. Define scope
2. Create an architecture overview
3. Function
4. Logical architecture
5. Physical deployment
6. Technologies
7. Identify assets
8. Mark trust boundaries
9. Identify data flows, entry points, and assumptions
10. Make note of privileged code

12. Identifying Threats
• Use structured methods to identify threats
• Analyse each aspect of the architecture/design
• Ask questions with regard to attacker goals:
  • Can the user's identity be spoofed?
  • Can data be accessed without authorization?
  • Can the system be easily blocked?
  • …
• Compare the application to common threats:
  • Are Cross-Site Scripting (XSS) attacks relevant?
  • Is canonicalization an issue?
  • Can user sessions be hijacked?
  • …

13. Identifying Threats
• To identify threats or goals, ask the following questions:
  • How can the adversary use or manipulate the asset to modify or control the system?
  • Retrieve information within the system?
  • Manipulate information within the system?
  • Cause the system to fail or become unusable?
  • Gain additional rights?
• Can the adversary access the asset
  • without being audited?
  • and skip any access control checks?
  • and appear to be another user?

14. STRIDE Model
• A common model for classifying attacker goals is the STRIDE model:
  • Spoofing: posing as another user, component, or external system that should be identified by the system
  • Tampering: unauthorized modification of data
  • Repudiation: denying having performed an action, without the system being able to prove otherwise
  • Information Disclosure: exposure of protected data to an unauthorized user
  • Denial of Service: preventing valid users from accessing the system
  • Elevation of Privilege: a lower-privileged user gaining privileged access

15. Threat Tree
• A method to explore valid attack paths
• Represents the conditions needed to exploit the threat
• Determines all the combined vulnerabilities associated with a threat
• Focus on mitigating the vulnerabilities that form the "path of least resistance"

16. Documenting Threats
Each threat should be documented with:
1. Title
2. Target component
3. Vulnerability categorization(s) (e.g. STRIDE)
4. Attack techniques (e.g. threat tree)
5. Risk
6. Mitigation
17. Calculating Risks: RPD Model
• How do I measure risk?
  • Use a structured methodology
  • Predefine general values to avoid confusion
  • Record the calculated risk
• Simple formula: Risk = Probability * Damage Potential
  • Define the expected damage for each value
  • Divide the scale into three bands: High, Medium, Low
  • Simple, yet lacking dimension
  • Not always easy to agree…

18. Calculating Risks: DREAD Model
• Another method for determining risk is the DREAD model:
  • Damage potential: how great is the damage if the vulnerability is exploited?
  • Reproducibility: how easy is it to reproduce the attack?
  • Exploitability: how easy is it to launch an attack?
  • Affected users: as a rough percentage, how many users are affected?
  • Discoverability: how easy is it to find the vulnerability?
• Risk = Min(D, (D+R+E+A+D) / 5)
• Agree beforehand on the values of each factor
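As an added example (not part of the original deck), slides 16 to 18 turned into working Python: a threat record with the six fields slide 16 asks for, the RPD and DREAD formulas of slides 17 and 18, and banding into High, Medium and Low. The 1..10 scale, the band thresholds, the function names and the sample register are assumptions constructed for this example; the DREAD rows show how the Min term caps an easy-to-find, low-damage flaw at its damage potential.

```python
from dataclasses import dataclass, field

# Assumed scale for this example: every factor is an integer 1..10 agreed beforehand.
SCALE_MAX = 10


def _factor(name, value):
    """Reject values outside the agreed scale instead of silently rating them."""
    if not isinstance(value, int) or not 1 <= value <= SCALE_MAX:
        raise ValueError(f"{name} must be an integer 1..{SCALE_MAX}, got {value!r}")
    return value


def rpd_risk(probability, damage):
    """Slide 17: Risk = Probability * Damage Potential, so the range is 1..100."""
    return _factor("Probability", probability) * _factor("Damage", damage)


def dread_risk(d, r, e, a, disc):
    """Slide 18: Risk = Min(D, (D+R+E+A+D) / 5), range 1..10."""
    # The Min caps the score at the damage potential: a flaw that is trivial
    # to find and exploit but does little harm still rates Low.
    values = [_factor(n, v) for n, v in zip("DREAD", (d, r, e, a, disc))]
    return min(values[0], sum(values) / 5)


def band(score, scale_max):
    """Assumed split of the scale into the three bands of slide 17."""
    if score > scale_max * 2 / 3:
        return "High"
    return "Medium" if score > scale_max / 3 else "Low"


@dataclass
class Threat:
    """One record with the six fields of slide 16; DREAD score and band are derived."""
    title: str
    target: str
    stride: str               # letters of the STRIDE categories that apply
    attack_technique: str     # the threat-tree path being rated
    dread: tuple              # (D, R, E, A, D) on the agreed scale
    mitigation: str
    risk: float = field(init=False)
    rating: str = field(init=False)

    def __post_init__(self):
        self.risk = dread_risk(*self.dread)
        self.rating = band(self.risk, SCALE_MAX)


# Constructed sample register for this example; not taken from the slides.
REGISTER = [
    Threat("Session hijack via predictable token", "Web front end", "S",
           "Guess a sequential session id", (8, 9, 8, 7, 9),
           "Random 128-bit session ids; cookies marked Secure and HttpOnly"),
    Threat("Stack trace shown on error page", "Web front end", "I",
           "Trigger an unhandled exception", (2, 10, 10, 10, 10),
           "Generic error page; details go to the server-side log only"),
]


def prioritised(register=REGISTER):
    """Highest risk first, as slide 19 asks: resolve by risk level and cost."""
    return sorted(register, key=lambda t: t.risk, reverse=True)
```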
19. Threat Resolution & Risk Mitigation
• Threats can be resolved by:
  • Risk Acceptance: doing nothing
  • Risk Transference: passing the risk to an externality
  • Risk Avoidance: removing the feature/component that causes the risk
  • Risk Mitigation: decreasing the risk
• Mitigation strategies should be examined for each threat
• Mitigations should be chosen according to the appropriate technology
• Resolution should be decided according to risk level and cost of mitigations

20. Best Practices in Threat Modeling
• Use structured and consistent methodologies
• Predefine and agree on risk ratings that work for you
• Include all relevant stakeholders in TM discussions:
  • Security
  • Architecture / Design
  • Coding
  • Testing
• Don't let TM discussions degenerate into finding solutions before the threats have been fully identified

21. Best Practices in Threat Modeling
• Don't model too deep; don't get carried away in the details
• Document TM results so they can be used later on for:
  • Similar products / systems
  • Next versions
  • Education
• Use common attack libraries / patterns for consistency and additional ideas, e.g. http://www.owasp.org/index.php/Category:Attack
• Always remember: it's never too late for Threat Modeling!
22. Threat Modeling Tools
• The Threat Analysis and Modeling Tool (TAM):
  • is an asset-focused tool designed for LOB applications.
  • It is used for applications for which business objectives, deployment pattern, data assets and access control are clearly defined.
  • The focus of the tool is to understand the business risk in the application, help identify the controls needed to manage that risk, and protect the assets.

23. Threat Modeling Tools
• The SDL Threat Modeling Tool:
  • is a software-focused tool designed for rich client/server application development (for example, Windows and SQL Server, among others).
  • The tool assumes the final deployment pattern of the product is unknown (that is, whether or not it will be used to manage business-critical applications with customer credit cards), so the focus of the tool is to ensure the security of the software's underlying code.

24. Summary
• Application Decomposition
  • Define scope
  • Create an architecture overview: function, logical architecture, physical deployment, technologies
  • Identify assets
  • Mark trust boundaries
  • Identify data flows, entry points, and assumptions
  • Make note of privileged code
• Threat Mapping
  • Identifying threats
  • Use the STRIDE model
  • Creating a threat tree
  • Documenting each threat
• Calculate Risks
  • Use Risk = Probability * Damage Potential
  • Use Risk = Min(D, (D+R+E+A+D) / 5)
• Threat Resolution and Risk Mitigation
  • Risk Acceptance: doing nothing
  • Risk Transference: passing the risk to an externality
  • Risk Avoidance: removing the feature/component that causes the risk
  • Risk Mitigation: decreasing the risk
  • Mitigation strategies should be examined for each threat
  • Mitigations should be chosen according to the appropriate technology
  • Resolution should be decided according to risk level and cost of mitigations

25. Resources
• OWASP (Open Web Application Security Project): https://www.owasp.org
• Microsoft Security: http://www.microsoft.com/security and http://www.Microsoft.com/sdl
• Wikipedia: http://en.wikipedia.org/wiki/Threat_model

26. Lalit Kale, lalitkale@gmail.com, http://lalitkale.wordpress.com
This presentation is shared under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license. More information on this license is available at http://creativecommons.org/licenses/by-nc-sa/4.0/. All trademarks are the property of their respective owners. Lalit Kale makes no warranties, express, implied or statutory, as to the information in this presentation.