Threat Modelling of an Application
8/3/2019 Threat Modelling of an Application
Threat Modelling of the software deployed:-
Most of the work of understanding the threats to an application is based on the architecture of the
network and the transport of data in the organization. It also depends on the degree of trust between
the various applications interacting with each other. The data exchange should be designed in such a
manner that it is difficult for an attacker to model it in the real world.
Threat modeling:-
This is a continuous process. It is an iterative process done over and over again throughout the system
lifecycle. In the real world the system cannot be modeled completely, so the threats can change their
parameters.
We have to identify the threats, attacks and vulnerabilities in order to take counter measures in the
context of the application in question.
If the modeling is done at design time it is cheapest; if the application is already deployed, the cost
of implementing changes in the application will be higher but still possible.
After threat modeling, the threats are prioritized according to the threat environment so that the
budgeting for them can be done.
Threat modeling is done by Security, Operations, System Engineering and Architecture, and most
importantly any of the lead processes can influence the modeling of threats.
Principles:- (Application Security Architecture Principles)
These are desirable, but not mandatory, behaviors, designs and implementation practices. The principles
do not eliminate the threat but reduce the likelihood of the threat being realized. Hence they not only
mitigate the threat but also aid recovery from an incident.
Security principles are language independent, architecturally neutral primitives that can be leveraged
to design and construct applications (OWASP website). In simple terms, if we are designing an application
using some primitives they should be architecturally neutral and language independent. These principles
help us take security decisions easily.
By considering the threat we will tend to attain more protection in ..
Applying defense in depth:-
e.g. even if a session is hijacked, the attacker cannot change the password without knowledge of the
present password.
Positive security model: This is nothing but whitelisting, i.e. checking what the input is. We do not
allow any input that is not the correct input; by default, non-required inputs are not allowed.
Fail securely: If a process fails to process a request, then the request should be disallowed.
Do not trust services or external systems: This restricts the use of services unless required, so a ..
Establish secure defaults: As soon as the application is accessed or deployed, the default configurations
should be changed before the application starts working.
Microsoft STRIDE: These are the threat categories that are required to be addressed in order to take care
of the threats. They are used and promoted by Microsoft to secure their applications.
Threat                  Property violated   Description
Spoofing                Authentication      Pretending to be someone else
Tampering               Integrity           Modifying data or code
Repudiation             Non-repudiation     Claiming to have not performed an action
Information Disclosure  Confidentiality     Exposing information to unauthorized persons
Denial of Service       Availability        Delaying or degrading service to users
Elevation of Privilege  Authorization       Gaining capabilities without proper authorization
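The STRIDE categories above are applied per element of a data-flow diagram. The following Python script is an added example, not part of these notes: it enumerates the STRIDE threats for a constructed three-tier diagram (browser, web server, database) using Microsoft's STRIDE-per-element mapping, which goes beyond the table above by stating which categories apply to which kind of element, and it flags data flows that cross a trust boundary so they can be prioritized when budgeting mitigations. The element names and trust zones are constructed for illustration.

```python
"""STRIDE-per-element enumeration over a small data-flow diagram.

Added example, not from the lecture notes. The element-to-category mapping
is Microsoft's STRIDE-per-element chart; the diagram (browser, web server,
database) and its trust zones are constructed here for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Stride(Enum):
    """The six STRIDE categories, each valued by the property it violates."""
    SPOOFING = "Authentication"
    TAMPERING = "Integrity"
    REPUDIATION = "Non-repudiation"
    INFORMATION_DISCLOSURE = "Confidentiality"
    DENIAL_OF_SERVICE = "Availability"
    ELEVATION_OF_PRIVILEGE = "Authorization"


# STRIDE-per-element: which categories apply to each DFD element type.
# Data flows and stores have no identity to spoof or privileges to elevate;
# external entities are outside our control, so only S and R apply to them.
APPLICABLE = {
    "external_entity": {Stride.SPOOFING, Stride.REPUDIATION},
    "process": set(Stride),
    "data_flow": {Stride.TAMPERING, Stride.INFORMATION_DISCLOSURE,
                  Stride.DENIAL_OF_SERVICE},
    "data_store": {Stride.TAMPERING, Stride.REPUDIATION,
                   Stride.INFORMATION_DISCLOSURE, Stride.DENIAL_OF_SERVICE},
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str          # one of the APPLICABLE keys
    trust_zone: str    # a flow that joins two zones crosses a trust boundary


@dataclass(frozen=True)
class Threat:
    element: str
    category: Stride
    property_violated: str
    crosses_boundary: bool


def enumerate_threats(elements, flows):
    """Return one Threat per (element, applicable STRIDE category).

    `flows` is a list of (source, destination) element names. Each flow is
    itself a DFD element and gets the data-flow categories; a flow between
    two trust zones is marked as crossing a boundary.
    """
    by_name = {e.name: e for e in elements}
    threats = []
    for e in elements:
        for cat in sorted(APPLICABLE[e.kind], key=lambda c: c.name):
            threats.append(Threat(e.name, cat, cat.value, False))
    for src, dst in flows:
        crosses = by_name[src].trust_zone != by_name[dst].trust_zone
        for cat in sorted(APPLICABLE["data_flow"], key=lambda c: c.name):
            threats.append(Threat(f"{src} -> {dst}", cat, cat.value, crosses))
    return threats


def boundary_crossing_threats(threats):
    """Threats on flows that cross a trust boundary: the first to mitigate."""
    return [t for t in threats if t.crosses_boundary]


# Constructed diagram: the three-tier web application described in the notes.
ELEMENTS = [
    Element("browser", "external_entity", "internet"),
    Element("web_server", "process", "dmz"),
    Element("database", "data_store", "internal"),
]
FLOWS = [("browser", "web_server"), ("web_server", "database")]

if __name__ == "__main__":
    found = enumerate_threats(ELEMENTS, FLOWS)
    for t in found:
        flag = "*" if t.crosses_boundary else " "
        print(f"{flag} {t.element:<24} {t.category.name:<23} ({t.property_violated})")
    print(f"{len(found)} threats, "
          f"{len(boundary_crossing_threats(found))} on boundary-crossing flows")
```

Each line of output is one row of a threat register to be taken through the mitigation choices below (redesign, standard mitigation, new mitigation, or accept); the asterisk marks the boundary-crossing flows that should be budgeted first.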
Mitigation (the point of threat modeling):-
Mitigation is the act of addressing or alleviating a threat.
Protect resources
Implement secure systems..
Four ways to mitigate threats
Redesign to eliminate threats
Apply standard mitigations
Invent new mitigations
Accept vulnerability in architecture or implementation.
Ensure that the mitigation of each threat is done completely. These are merely categories of threats;
there are a number of ways the threats can be mitigated (list in the PPT shown by Microsoft).
Attackers might use the assets that we own and pay for, and we need to mitigate because there might be
vulnerabilities. This is done by threat modeling.
Secure web programming:
1. Fact:- 95% of attacks are against web servers and web applications.
2. The top 3 verticals compromised were financial services, hospitals and retail.
3. More than 60% of attacks were caused by external agents.
4. The primary attack vector was SQL injection, which was used to install customized malware.
Hence the protection against SQL injection is trivial.
Web application architecture:-
There are three parts to it.
User agents:- browser, client agent, BOT etc. It sends requests like GET, POST, HEAD, PUT, DELETE.
Web Server:- Listens to requests (PHP, ASP) and talks to the database. Here there is programming logic to
understand the type of request. This processes the request received and sends the appropriate response.
1. Trusted code, which we know for sure is the same thing that was developed and whose integrity is
maintained
2. Based on the validation we can classify data as tainted/bad or untainted/good
3
Where is the data coming from:- The web server just responds depending on whether the request is present
or not and on the inputs; the inputs come from various sources as under:
GET requests
POST requests, HTML form data
Cookies stored
HTTP Headers
File Uploads
RSS Feeds
External data stores or web services
There are four types of data arriving:
Data from the request going to be displayed in the browser
Data from the request
Data from the response going to be displayed in the browser
Any web service output from a method after processing from the API
Risks:-
The risks of this data view are of two types:
1. Attacking the web application
2. Attacking the users of the said web application
Types of attacks:-
All attack the web application hosted and running on the web server.
Injection attacks: SQL and Command Injection
File Inclusion: Local file inclusion and Remote file inclusion
HTTP Response splitting: attacking HTTP
Attacking the web application user:-
All these attacks are meant to attack the user of the web application through it.
Cross-site scripting, commonly known as XSS
Cross-site request forgery, also called sea surf
Broken authentication and session management
Why should we make secure web applications:-
Malicious users, automated programs and ignorant users are all trying to break your web application as we
speak.
Web applications which get hacked go down or fail while being used, bring disrepute to your
company, can cause financial damage and can be used to attack other targets on the internet.
How do we achieve this:-
Always do server side validation at every input point.
Any or every data point that originates from outside your web application is bad unless proved
otherwise.
GET, POST, COOKIES, FILES: all requests are bad. So we need to ensure only trusted and good data is
processed, is allowed into the database and is rendered by the browser.
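The rules above (server-side validation at every input point, a positive security model, only trusted data reaching the database, only trusted data reaching the browser) can be put together in one request handler. The following Python is an added example, not code from these notes or from any project the notes refer to; the users table, the request values and the username whitelist are constructed here. It shows the string-concatenated query that SQL injection exploits beside the parameterized form, rejects tainted input before any query runs, and escapes the stored value before it is rendered so the XSS sink is covered as well.

```python
"""Server-side handling of untrusted request data: whitelist validation,
parameterized SQL and output encoding.

Added example, not from the lecture notes. The schema, the two user rows
and the request values are constructed for illustration.
"""
import html
import re
import sqlite3

# Positive security model: describe what a valid username looks like and
# reject everything else, instead of trying to blacklist bad characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def validate_username(raw):
    """Return the username if it matches the whitelist, else raise ValueError.

    Incoming data (GET, POST, cookies, headers, files) is tainted until it
    passes this check; callers never use `raw` directly afterwards.
    """
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("rejected untrusted input")
    return raw


def setup_db():
    """In-memory users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, display TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "Alice <Admin>"), ("bob", "Bob")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """The 'before': concatenation lets request data become SQL syntax."""
    return conn.execute(
        f"SELECT display FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(conn, name):
    """Parameterized query: the driver binds `name` as a literal value only."""
    return conn.execute(
        "SELECT display FROM users WHERE name = ?", (name,)).fetchall()


def render_profile(display):
    """Output encoding: a stored value such as 'Alice <Admin>' is escaped
    before it reaches the browser, so it cannot inject markup (the XSS sink)."""
    return f"<p>Profile: {html.escape(display)}</p>"


def handle_request(conn, params):
    """Full path for one request: validate -> query -> encode -> respond."""
    try:
        name = validate_username(params.get("user"))
    except ValueError:
        return 400, "<p>Bad request</p>"   # fail securely: deny by default
    rows = lookup_safe(conn, name)
    if not rows:
        return 404, "<p>No such user</p>"
    return 200, render_profile(rows[0][0])


if __name__ == "__main__":
    db = setup_db()
    # Constructed tainted value: a tautology that the concatenated query
    # treats as SQL, while the parameterized query treats it as a string.
    tainted = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, tainted))   # every row leaks
    print("safe:      ", lookup_safe(db, tainted))         # no match
    print(handle_request(db, {"user": tainted}))           # (400, ...)
    print(handle_request(db, {"user": "alice"}))           # escaped display
```

The validation step alone already stops the tainted value at the door; the parameterized query is the second layer (defense in depth) for any value that reaches the database through another path, and the escaping is the third, for data that originated in the database rather than in the request.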
Ensuring integrity of a web application:-
As a developer we have to ensure that the files maintain their integrity, that the data flowing through is
trusted, and that improper data is dealt with in a known way. You can do this with error handlers, exception
handling and failing gracefully.
If you look at it holistically, the entire point of your web app is to shovel data from one point to another
and do cool things.
ATTACKS:-
Net craft