Shay Zalalichin
CISSP, PCI:DSS QSA
OWASP
Why Threat Modeling?
What is Threat Modeling?
What is Threat Modeling? (Cont.)
Why Threat Modeling?
Simple:
You cannot build a secure system until you understand your threats
Why Threat Modeling (Cont.)?
Security-based analysis
Find security bugs early (and complex bugs)
Think about security in a (relatively) formal way
Address threats in logical order according to greatest risk
Reduce overall risk by mitigating important threats
How do you know when your application is “secure enough”?
Why Threat Modeling (Cont.)?
Additional Benefits:
Helps better understand your application
Complex interactions
Justification for security features and relation to identified threat
Clearly documented assumptions and/or consequences
Educational (e.g. new team members)
Testers can specifically test against known threats
Helps prevent duplication of security efforts
System / Application Decomposition
Define scope
Create an architecture overview
Function
Logical architecture
Physical deployment
Technologies
Identify assets
Mark trust boundaries
Identify data flows, entry points, and assumptions
Make note of privileged code
Demo
Threat Mapping
Identifying Threats
Analyze each aspect of the architecture/design
Ask questions with regard to attacker goals
Can the user’s identity be spoofed?
Can data be accessed without authorization?
Can the system be easily blocked?
…
Compare application to common threats
Are Cross-Site Scripting (XSS) attacks relevant?
Is canonicalization an issue?
Can user sessions be hijacked?
…
Use structured methods to identify threats
Identifying Threats (Cont.)
Threat Trees
Threat trees can be another useful method to explore valid attack paths
A threat tree represents conditions needed to exploit the threat
Threat trees are used to determine all the combined vulnerabilities associated with a threat
Focus on mitigating the vulnerabilities that form the “path of least resistance”
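An added example, not part of the original slides: a small Python model of a threat tree with AND/OR gates that lists every combination of conditions realising the threat and picks the path of least resistance, before and after a mitigation. The tree contents, node names and effort scores are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    name: str
    gate: str = "LEAF"      # "OR": any child suffices; "AND": all children needed
    effort: int = 0         # leaves only: relative attacker effort (constructed scale)
    children: list = field(default_factory=list)

def paths(node):
    """Return every combination of leaf conditions that realises this node."""
    if node.gate == "LEAF":
        return [{node.name: node.effort}]
    child_paths = [paths(child) for child in node.children]
    if node.gate == "OR":
        return [p for options in child_paths for p in options]
    combined = []           # AND: one path from each child, merged together
    for combo in product(*child_paths):
        merged = {}
        for part in combo:
            merged.update(part)
        combined.append(merged)
    return combined

def least_resistance(root, mitigated=()):
    """Cheapest remaining path once the named leaf conditions are fixed."""
    open_paths = [p for p in paths(root) if not set(p) & set(mitigated)]
    return min(open_paths, key=lambda p: sum(p.values()), default=None)

# Constructed tree for the deck's question "Can user sessions be hijacked?"
TREE = Node("Session hijacked", "OR", children=[
    Node("Cookie captured in transit", "AND", children=[
        Node("Session cookie sent over plain HTTP", effort=2),
        Node("Attacker can observe network traffic", effort=5)]),
    Node("Cookie read by injected script", "AND", children=[
        Node("XSS flaw in application", effort=3),
        Node("Cookie lacks HttpOnly flag", effort=1)]),
    Node("Session ID is predictable", effort=8),
])

if __name__ == "__main__":
    for p in paths(TREE):
        print(sum(p.values()), sorted(p))
    print("easiest:", least_resistance(TREE))
    print("after fix:", least_resistance(TREE, {"Cookie lacks HttpOnly flag"}))
```

Passing a fixed condition in `mitigated` shows which path becomes the next easiest, which helps order mitigation work.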
Identifying Threats
Demo
Threat & Risk Rating
Rating Threats and Risk
DREAD Model
Planning Threat Response & Mitigations
Vulnerability Resolution and Mitigation
Best Practices in TM
Best Practices in TM (Cont.)
Questions?