Threat Modeling
Questions about:
- What are you building?
- What can go wrong? What are the threats?
- What are the Trust Zones? What are the violations of the trust zone?
- What is the encryption between trust zones?
- What should you do about those things that can go wrong?
- Did you do a decent job of analysis?
Types:
- ATT&CK
- STRIDE
Who should be involved
- Security Architect
- Project Lead and Engineers
- DevOps
Diagrams
External Entity:
Process:
Data Flow:
Data Store:
Trust Boundary:
- From internet
- From Networks
STRIDE
Steps:
1. Make diagrams for trust boundaries of the application. (A trust boundary is where a change in authentication/access is needed to move from one side to another.)
- Entry Points:
- Login Page, status page, ports, services
- Assets:
- Admin Login, User Login, Personal Data, Database access, Audit Access
- Find all of the services/data that interact with the application. What trust levels are necessary to access certain data/assets/information?
2. Find Threats
- Third party Libraries
- Services Running and Where
- Entry Points:
- Connection between Devices
- Firewall, TLS, Credentials, Limited Network
- Exit Points:
- XSS, Information disclosure, SQL injection, User Enumeration
3. Determine Countermeasures and Mitigation
- Accept: decide that the business impact is acceptable, and document who has chosen to accept the risk
- Eliminate: remove components that make the vulnerability possible
- Mitigate: add checks or controls that reduce the risk impact, or the chances of its occurrence
- Transfer: Transfer risk to an insurer or customer.
Spoofing: Pretending to be something or someone other than yourself
- Strengths: Authentication, Multi-Factor Authentication, SSL/TLS, Client Certificates, CSRF
- Weaknesses: Secrets Stored Insecurely, password stuffing, token stealing
Tampering: Modifying something on disk, on a network, or in memory
- Strengths: Integrity, Authorization, Hashes, MAC, Digital Signatures, Tamper resistant protocols
- Weaknesses: Business Input Validation, Log Tampering
Repudiation: Claiming that you didn’t do something, or were not responsible. With evidence
- Strengths: Logging user actions, Timestamps, Signatures
- Weaknesses: No audit trail
Information Disclosure: Providing information to someone not authorized to see it
- Strengths: Authorization, Encryption
- Weaknesses: Basic Auth Credentials, Database Leak
Denial of Service: Absorbing resources needed to provide service
- Strengths: Backup ISP, WAF, Scaling Service, PoW
- Weaknesses: Lack of Throttling, Filtering
Escalation of Privileges: Allowing someone to do something they’re not authorized to do
- Weaknesses: No network isolation, Bad AWS configuration, command injection, memory-safe and type-safe languages, Linux/Windows security compile flags
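The following added example, which is not part of the original notes, models a small data flow diagram using the element types listed under Diagrams, applies the widely used STRIDE-per-element mapping to list the threat categories to review for each element, and flags data flows that cross a trust zone without encryption. The element names, zones, flows and the mapping table are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Widely used STRIDE-per-element mapping for data flow diagrams (an assumption
# added here, not from the notes). Repudiation on data stores mainly concerns logs.
STRIDE_BY_KIND = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",
}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information Disclosure", "D": "Denial of Service",
         "E": "Escalation of Privileges"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # key of STRIDE_BY_KIND
    zone: str   # trust zone the element lives in

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    label: str
    encrypted: bool

def enumerate_threats(elements, flows):
    """Return sorted (target, threat category) pairs to review."""
    pairs = {(e.name, NAMES[c]) for e in elements for c in STRIDE_BY_KIND[e.kind]}
    pairs |= {(f.label, NAMES[c]) for f in flows for c in STRIDE_BY_KIND["data_flow"]}
    return sorted(pairs)

def unencrypted_crossings(flows):
    """Labels of flows that cross a trust boundary without encryption."""
    return [f.label for f in flows if f.src.zone != f.dst.zone and not f.encrypted]

# Constructed sample model: browser -> web app -> database.
browser = Element("Browser", "external_entity", "internet")
web = Element("Web App", "process", "dmz")
db = Element("User DB", "data_store", "internal")
ELEMENTS = [browser, web, db]
FLOWS = [Flow(browser, web, "login request", encrypted=True),
         Flow(web, db, "SQL query", encrypted=False)]

if __name__ == "__main__":
    for target, threat in enumerate_threats(ELEMENTS, FLOWS):
        print(f"{target}: {threat}")
    print("Unencrypted boundary crossings:", unencrypted_crossings(FLOWS))
```

Each (target, category) pair is a prompt for step 2 (Find Threats); every flagged crossing answers the "encryption between trust zones" question with a concrete gap to accept, eliminate, mitigate or transfer.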