Threat Modeling

Download Report

Transcript Threat Modeling 

Threat Modeling
By Dharmesh M Mehta
June, 2006
[email protected]
http://smartsecurity.blogspot.com
OWASP
Copyright © 2004 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License.
The OWASP Foundation
http://www.owasp.org
Agenda
What is Threat Modeling
Threat Modeling Process
Threat Models and Analysis
OWASP
2
What is Threat Modeling?
 Threat Modeling is a structured method that is used to
understand and mitigate threats against your system.
 Helps the development team:
 Identify where the application is most vulnerable
 Determine which threats require mitigation and how to address
those threats
 Genuinely useful and does not have to be difficult. It is a
hot new buzzword!
OWASP
3
Essential Terminology
 Threat – An action or event that might prejudice
security. A threat is a potential violation of security.
 Vulnerability – Existence of a weakness, design, or
implementation error that can lead to an unexpected,
undesirable event compromising the security of the
system.
 Attack – An assault on system security that derives from
an intelligent threat. An attack is any action that violates
security.
OWASP
4
Threat Modeling Process
Define Application Requirements
Decompose your application
Define Application Architecture
Include External Components
Application Use Cases
Model
Find Threats against CIA
Measure
OWASP
5
Defining Application Requirements
Courtesy: Microsoft Threat Analysis and Modeling
OWASP
6
Defining Application Architecture
Courtesy: Microsoft Threat Analysis and Modeling
OWASP
7
Model
Courtesy: Microsoft Threat Analysis and Modeling
OWASP
8
Threat Tree
1.1
Access “in-use”
password
1.1.1
Sniff network
1.1.2
Phishing attack
Threat #1 (I)
Compromise
password
1.3
Access
Password in DB
1.3.1
Password is in
cleartext
1.2
Guess password
1.3.2
Compromise
database
1.3.2.1
SQL injection
attack
1.2.1
Password is
weak
1.2.2
Brute force
attack
1.3.2.2
Access database
directly
1.3.2.2.1
Port open
1.3.2.2.2
Weak db account
password(s)
OWASP
9
Threat Models
 You cannot build secure applications unless you
understand threats
 Find different bugs than code review and testing
 Threat modeling yields both threats and vulnerabilities
and provides ways to perform security testing in order to
prioritize the security fixes needed.
OWASP
10
Threat Analysis
 Secure software starts with understanding the threats
 Threats are not vulnerabilities
 Threats live forever
 How will attackers attempt to compromise the system?
OWASP
11
That’s it…
Presentation will be online:
http://www.owasp.org/index.php/Mumbai
Thank you!
OWASP
12