Threat Modelling of an Application

8/3/2019 Threat Modelling of an Application

    Threat modelling of the deployed software:-

    Most of the work of understanding the threats to an application rests on the architecture of the
    network and how data is transported within the organisation. It also depends on the degree of trust
    between the various applications that interact with each other. The data exchange should be designed
    in such a manner that it is difficult for an attacker to model it in the real world.

    Threat modelling:-

    This is a continuous process. It is an iterative process, done over and over again throughout the
    system lifecycle. In the real world the system can never be modelled completely, and the threats
    themselves change their parameters over time.

    We have to identify the threats, attacks and vulnerabilities in order to take countermeasures in the
    context of the application in question.

    If the modelling is done at design time it is the cheapest; if the application is already deployed,
    implementing changes in the application will be costlier, but still possible.

    After threat modelling, the threats are prioritised according to the threat environment so that they
    can be budgeted for.

    Threat modelling is done by Security, Operations, System Engineering and Architecture, and, most
    importantly, any of these lead functions can influence the modelling of threats.

    Principles:- (Application Security Architecture Principles)

    These are desirable, but not mandatory, behaviours, designs and implementation practices. The
    principles do not eliminate a threat but reduce the likelihood of the threat being realised. Hence
    they not only mitigate the threat but also help recovery from an incident.

    Security principles are language-independent, architecturally neutral primitives that can be
    leveraged to design and construct applications. (OWASP website) In simple terms, if we are designing
    an application using some primitives, they should be architecturally neutral and language
    independent. These principles help us take security decisions easily.

    By considering the threat we will tend to attain more protection in ..

    Applying defence in depth:-

    e.g. even if a session is hijacked, the attacker cannot change the password without knowledge of the
    present password.

    Positive security model: This is nothing but whitelisting, i.e. checking what the input is. We do not
    allow any input that is not the correct input; by default, inputs that are not required are not
    allowed.

    Fail securely: If a process fails to process a request, the request should be disallowed.

    Do not trust services or external systems: This restricts the use of external services unless they
    are required, so a ..

    Establish secure defaults: As soon as the application is deployed or first accessed, the default
    configuration should be changed before the application starts working.
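    The defence-in-depth example above (a hijacked session is not enough to change the password) written
    out as code. This is an added illustration, not code from the original notes; the UserStore class, the
    in-memory session table, the function names and the sample user are assumptions made for it.

```python
"""Added example: password change that layers two independent checks.
Layer 1: a valid session. Layer 2: proof of the current password.
An attacker holding only a stolen session token fails at layer 2."""
import hashlib
import hmac
import os
import secrets


def _hash(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for this example
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class UserStore:
    """Constructed in-memory user store: username -> (salt, password hash)."""

    def __init__(self):
        self._users = {}

    def add(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def verify(self, username, password):
        rec = self._users.get(username)
        if rec is None:
            return False
        salt, digest = rec
        # constant-time comparison so a mismatch does not leak timing
        return hmac.compare_digest(digest, _hash(password, salt))


# Constructed session table: session token -> username
sessions = {}


def login(store, username, password):
    """Return a fresh session token, or None if the credentials are wrong."""
    if not store.verify(username, password):
        return None
    token = secrets.token_urlsafe(32)
    sessions[token] = username
    return token


def change_password(store, session_token, current_password, new_password):
    """Return True only when BOTH layers pass; otherwise nothing changes."""
    username = sessions.get(session_token)
    if username is None:
        return False          # fail securely: no valid session, no change
    if not store.verify(username, current_password):
        return False          # second layer: must know the present password
    if len(new_password) < 12:
        return False          # minimal length policy (assumption)
    store.add(username, new_password)   # re-salted and re-hashed
    # after a password change, revoke every other session of this user
    for tok in [t for t, u in sessions.items() if u == username and t != session_token]:
        del sessions[tok]
    return True
```

    The second check is what makes the session hijack scenario from the notes fail: the attacker can call
    change_password with a stolen token, but without the current password the store is never updated.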

    Microsoft STRIDE: These are the categories of threat that need to be addressed. They are used and
    promoted by Microsoft to secure their applications.

    Threat                   Property violated    Description
    Spoofing                 Authentication       Pretending to be someone else
    Tampering                Integrity            Modifying data or code
    Repudiation              Non-repudiation      Claiming to have not performed an action
    Information disclosure   Confidentiality      Exposing information to unauthorized persons
    Denial of service        Availability         Delaying or degrading service to users
    Elevation of privilege   Authorization        Gaining capabilities without proper authorization

    Mitigation (the point of threat modelling):-

    Mitigation is the act of addressing or alleviating a threat.

    Protect resources

    Implement secure systems..

    Four ways to mitigate threats:


    Redesign to eliminate the threat

    Apply standard mitigations

    Invent new mitigations

    Accept the vulnerability in the architecture or implementation.

    Ensure that the mitigation of each threat is done completely. These are merely categories of threats;
    there are a number of ways in which threats can be mitigated (list in the PPT shown by Microsoft).

    Attackers might use the assets that we own and pay for, and we need to mitigate because there might
    be vulnerabilities. This is done by threat modelling.

    Secure web programming:

    1. Fact:- 95% of attacks are against web servers and web applications
    2. The top 3 verticals compromised were financial services, hospitals and retail.
    3. More than 60% of attacks were caused by external agents.
    4. The primary attack vector was SQL injection, which was used to install customised malware.

    Hence protection against SQL injection is vital.
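    The SQL injection vector named above, shown as the same login lookup written two ways. This is an
    added example, not code from the original notes; it uses an in-memory SQLite database with constructed
    rows, and stores passwords in plain text only so that the injection point stays visible.

```python
"""Added example: a login query built by string splicing (injectable) beside
the parameterised form. Sample rows are constructed for the illustration."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # plaintext passwords purely for the demo; real stores hash them
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Untrusted input becomes part of the SQL text, so a quote in the
    # input changes the query's structure (e.g. "alice' --" drops the
    # password check via an SQL comment).
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    # Placeholders keep code and data separate: the driver binds the values
    # and never interprets them as SQL, whatever characters they contain.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None
```

    The fix is not escaping quotes by hand but never letting user data reach the SQL parser: bound
    parameters, or an ORM that uses them underneath.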

    Web application architecture:-

    There are three parts to it:

    User agents:- browser, client agent, bot etc. It sends requests such as GET, POST, HEAD, PUT, DELETE.

    Web server:- Listens for requests; the PHP/ASP code talks to the database. Here there is programming
    logic to understand the type of request. It processes the request received and sends the appropriate
    response.

    1. Trusted code: code which we know for sure is the same thing that was developed, and whose integrity
    is maintained.

    2. Based on validation we can classify data as tainted/bad or untainted/good.

    3.

    Where is the data coming from:- The web server only responds, depending on whether a request is
    present and on its inputs. The inputs come from various sources, as under:

    GET requests
    POST requests, HTML form data
    Cookies stored
    HTTP headers
    File uploads
    RSS feeds
    External data stores or web services

    There are four types of data arriving:

    Data from the request going to be displayed in the browser
    Data from the request
    Data from the response going to be displayed in the browser
    Any web service (data from a method, after processing, from an API)

    Risks:-

    The risks arising from this data are of two types:

    1. Attacking the web application
    2. Attacking the users of the said web application

    Types of attack:-

    All of these attack the web application hosted and running on the web server:

    Injection attacks: SQL and command injection
    File inclusion: local file inclusion and remote file inclusion


    HTTP response splitting: attacking HTTP

    Attacking the web application user:-

    All these attacks are meant to attack the user of the web application through it:

    Cross-site scripting, commonly known as XSS
    Cross-site request forgery, also called "sea surf" (CSRF)
    Broken authentication and session management
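    Three of the attacks listed above (HTTP response splitting, XSS and CSRF), each as the unsafe operation
    beside its hardened form. This is an added example, not code from the original notes; the list-of-strings
    representation of response headers, the function names and the sample inputs are assumptions made for
    the illustration.

```python
"""Added example: response splitting, XSS and CSRF, unsafe vs. hardened."""
import hmac
import html
import secrets


# --- Cross-site scripting: encode untrusted data before it is rendered ---
def render_greeting_vulnerable(name):
    # untrusted text is placed straight into the HTML
    return "<p>Hello, %s</p>" % name


def render_greeting_safe(name):
    # html.escape turns < > & " ' into entities, so the browser shows text
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


# --- HTTP response splitting: a CR/LF inside a header value (e.g. an ---
# --- attacker-controlled redirect target) injects extra header lines. ---
def set_header_vulnerable(headers, name, value):
    headers.append("%s: %s" % (name, value))
    return headers


def set_header_safe(headers, name, value):
    if any(ch in name or ch in value for ch in "\r\n"):
        raise ValueError("CR/LF not allowed in header fields")  # fail securely
    headers.append("%s: %s" % (name, value))
    return headers


def serialise(headers):
    """Join header lines the way they go on the wire."""
    return "\r\n".join(headers) + "\r\n\r\n"


# --- Cross-site request forgery: bind state-changing requests to a ---
# --- per-session token that a third-party page cannot read.         ---
def issue_csrf_token(session):
    token = secrets.token_urlsafe(32)
    session["csrf"] = token        # stored server-side, sent in the form
    return token


def transfer_funds(session, form):
    """Return True only when the form carries the token held in the session."""
    expected = session.get("csrf")
    supplied = form.get("csrf", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False               # forged cross-site request: rejected
    # ... perform the state change here ...
    return True
```

    Note the shape of each fix: the XSS and splitting defences sit at the output boundary (what leaves the
    server), while the CSRF defence is a check at the input boundary that the request really came from a
    page the server issued.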

    Why should we make secure web applications:-

    Malicious users, automated programs and ignorant users are all trying to break your web application as
    we speak.

    Web applications which get hacked go down or fail while being used, bring disrepute to your company,
    can cause financial damage and can be used to attack other targets on the internet.

    How do we achieve this:-

    Always do server-side validation at every input point.

    Any and every data point that originates from outside your web application is bad unless proved
    otherwise. GET, POST, COOKIES, FILES: all requests are bad. So we need to ensure that only trusted and
    good data is processed, allowed into the database and rendered by the browser.
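    Server-side validation at every input point, written as an allow-list validator over the input sources
    the notes list (query string, form body, cookies, headers, uploaded file name). It puts the "Positive
    security model" and "Fail securely" principles from earlier in the notes into code as well. This is an
    added example, not code from the original notes; the request dictionary layout, the RULES table and
    the sample requests are constructed for the illustration.

```python
"""Added example: allow-list validation of every external input source.
Anything not explicitly permitted is rejected and the request is not
processed (positive security model + fail securely)."""
import re

# Positive security model: each consumed field has a rule describing the
# ONLY acceptable shape. Patterns below are assumptions for the demo.
RULES = {
    ("query", "page"):          re.compile(r"^[1-9][0-9]{0,3}$"),          # 1..9999
    ("form", "username"):       re.compile(r"^[a-z][a-z0-9_]{2,31}$"),
    ("form", "email"):          re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"),
    ("cookie", "lang"):         re.compile(r"^(en|de|fr)$"),
    ("header", "X-Request-ID"): re.compile(r"^[0-9a-f]{32}$"),
    ("file", "name"):           re.compile(r"^[A-Za-z0-9_-]{1,64}\.(png|jpg|pdf)$"),
}

SOURCES = {"query", "form", "cookie", "header", "file"}


class ValidationError(ValueError):
    pass


def validate_request(request):
    """Return a dict of untainted (source, field) -> value.

    Raises ValidationError on the first unexpected source, unexpected field
    or malformed value, so tainted data never reaches the caller."""
    clean = {}
    for source, fields in request.items():
        if source not in SOURCES:
            raise ValidationError("unknown input source %r" % source)
        for name, value in fields.items():
            rule = RULES.get((source, name))
            if rule is None:
                if source == "header":
                    continue      # headers the app never reads are not consumed
                raise ValidationError("unexpected field %s.%s" % (source, name))
            if not isinstance(value, str) or not rule.fullmatch(value):
                raise ValidationError("bad value for %s.%s" % (source, name))
            clean[(source, name)] = value
    return clean


def handle(request):
    """Fail securely: any validation failure yields 400 and no processing."""
    try:
        clean = validate_request(request)
    except ValidationError as exc:
        return 400, str(exc)
    # only untainted values are used by the application logic below
    user = clean.get(("form", "username"), "anonymous")
    return 200, "ok for user %s" % user
```

    The strictest reading of the positive model rejects fields it does not know; the example does that for
    query, form, cookie and file data, and simply does not consume unknown headers, since browsers and
    proxies add headers the application never reads. Either way, nothing that failed validation is used.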

    Ensuring integrity of a web application:-

    As a developer we have to ensure that the files keep their integrity, that the data which flows through
    is trusted and that improper data is dealt with in a known way. You can do this with error handlers,
    exception handling and failing gracefully.

    If you look at it holistically, the entire point of your web app is to shovel data from one point to
    another and do cool things.

    ATTACKS:-

    Netcraft