Threat Modeling
By Dharmesh M Mehta
June, 2006
dharmeshmm@mastek.com
http://smartsecurity.blogspot.com

Agenda
• What is Threat Modeling
• Threat Modeling Process
• Threat Models and Analysis

What is Threat Modeling?
• Threat Modeling is a structured method that is used to understand and mitigate threats against your system.
• Helps the development team:
    • Identify where the application is most vulnerable
    • Determine which threats require mitigation and how to address those threats
• Genuinely useful and does not have to be difficult. It is a hot new buzzword!

Essential Terminology
• Threat – An action or event that might prejudice security. A threat is a potential violation of security.
• Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
• Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security.

Threat Modeling Process
• Define Application Requirements
• Decompose your application
• Define Application Architecture
• Include External Components
• Application Use Cases
• Model
• Find Threats against CIA
• Measure

Defining Application Requirements
Courtesy: Microsoft Threat Analysis and Modeling

Defining Application Architecture
Courtesy: Microsoft Threat Analysis and Modeling

Model
Courtesy: Microsoft Threat Analysis and Modeling

Threat Tree
Threat #1 (I) Compromise password
    1.1 Access “in-use” password
        1.1.1 Sniff network
        1.1.2 Phishing attack
    1.2 Guess password
        1.2.1 Password is weak
        1.2.2 Brute force attack
    1.3 Access Password in DB
        1.3.1 Password is in cleartext
        1.3.2 Compromise database
            1.3.2.1 SQL injection attack
            1.3.2.2 Access database directly
                1.3.2.2.1 Port open
                1.3.2.2.2 Weak db account password(s)
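
The threat tree above, encoded as an added example (not part of the original slides) that reports which routes to Threat #1 stay open once some leaf conditions are mitigated. The AND/OR gates are an assumption, since the slide text lists only the nodes; `paths` and `open_paths` are hypothetical helper names.

```python
# Added example: the deck's threat tree with assumed AND/OR gates.
from itertools import product

# id -> (label, gate, children). Gate types are an assumption, not from the slide.
TREE = {
    "1":         ("Compromise password", "OR", ["1.1", "1.2", "1.3"]),
    "1.1":       ("Access in-use password", "OR", ["1.1.1", "1.1.2"]),
    "1.1.1":     ("Sniff network", "LEAF", []),
    "1.1.2":     ("Phishing attack", "LEAF", []),
    "1.2":       ("Guess password", "AND", ["1.2.1", "1.2.2"]),
    "1.2.1":     ("Password is weak", "LEAF", []),
    "1.2.2":     ("Brute force attack", "LEAF", []),
    "1.3":       ("Access password in DB", "AND", ["1.3.1", "1.3.2"]),
    "1.3.1":     ("Password is in cleartext", "LEAF", []),
    "1.3.2":     ("Compromise database", "OR", ["1.3.2.1", "1.3.2.2"]),
    "1.3.2.1":   ("SQL injection attack", "LEAF", []),
    "1.3.2.2":   ("Access database directly", "AND", ["1.3.2.2.1", "1.3.2.2.2"]),
    "1.3.2.2.1": ("Port open", "LEAF", []),
    "1.3.2.2.2": ("Weak db account password(s)", "LEAF", []),
}

def paths(node, mitigated=frozenset()):
    """Return the sets of leaf conditions that still realise `node`."""
    _, gate, kids = TREE[node]
    if gate == "LEAF":
        return [] if node in mitigated else [frozenset([node])]
    sub = [paths(k, mitigated) for k in kids]
    if gate == "OR":  # any one child is enough
        return [p for s in sub for p in s]
    # AND: every child must hold, so combine one path from each child;
    # a child with no remaining path makes the product empty.
    return [frozenset().union(*combo) for combo in product(*sub)]

def open_paths(mitigated):
    """Sorted leaf-id lists, one per remaining route to threat #1."""
    return sorted(sorted(p) for p in paths("1", frozenset(mitigated)))

if __name__ == "__main__":
    # Constructed scenario: 1.3.1 and 1.1.1 are treated as mitigated.
    for p in open_paths({"1.3.1", "1.1.1"}):
        print(" + ".join(f"{n} {TREE[n][0]}" for n in p))
```

Mitigating a single leaf under an AND gate closes every route through that gate, while an OR gate needs all of its children closed, which is why the tree helps prioritize fixes.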

Threat Models
• You cannot build secure applications unless you understand threats
• Find different bugs than code review and testing
• Threat modeling yields both threats and vulnerabilities and provides ways to perform security testing in order to prioritize the security fixes needed.

Threat Analysis
• Secure software starts with understanding the threats
• Threats are not vulnerabilities
• Threats live forever
• How will attackers attempt to compromise the system?

That’s it…
• Presentation will be online: http://www.owasp.org/index.php/Mumbai
Thank you!