Threat Modeling. Deepak Manohar

Similar documents
Threat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Microsoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services

New IBM Security Scanning Software Protects Businesses From Hackers

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Penetration Testing Service. By Comsec Information Security Consulting

Application Intrusion Detection

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Secure Code Development

Juniper Networks Secure

How to Build a Trusted Application. John Dickson, CISSP

elearning for Secure Application Development

Effective Software Security Management

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

External Supplier Control Requirements

A Strategic Approach to Web Application Security The importance of a secure software development lifecycle

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Web Application Attacks and Countermeasures: Case Studies from Financial Systems

Threat Modeling: The Art of Identifying, Assessing, and Mitigating security threats

Auditing the Security of an SAP HANA Implementation

Mobile Application Security

Application Security Testing

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Hack Proof Your Webapps

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)

The Top Web Application Attacks: Are you vulnerable?

Turning the Battleship: How to Build Secure Software in Large Organizations. Dan Cornell May 11 th, 2006

Adobe Systems Incorporated

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

WHITEPAPER. Nessus Exploit Integration

Attack Vector Detail Report Atlassian

Web Application Report

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

CSUSB Web Application Security Standard CSUSB, Information Security & Emerging Technologies Office

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Enterprise Application Security Program

SAFECode Security Development Lifecycle (SDL)

Secure Development Lifecycle. Eoin Keary & Jim Manico

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

A Strategic Approach to Web Application Security

CEH Version8 Course Outline

How Companies Can Improve Website & Web Application Security. Even with a Tight IT Budget

Know your enemy. Class Objectives Threat Model Express. and know yourself and you can fight a hundred battles without disaster.

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

Now Is the Time for Security at the Application Level

Speaker Info Tal Be ery

Building Security into the Software Life Cycle

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

EC-Council. Program Brochure. EC-Council. Page 1

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

OWASP AND APPLICATION SECURITY

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program

Test Prioritization in Security Risk Testing

A Strategic Approach to Web Application Security

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Getting Started with Web Application Security

Penetration Testing. Presented by

What is Web Security? Motivation

90% of data breaches are caused by software vulnerabilities.

Where every interaction matters.

Web application security: automated scanning versus manual penetration testing.

A Decision Maker s Guide to Securing an IT Infrastructure

Integrigy Corporate Overview

Rational AppScan & Ounce Products

Developing Secure Software in the Age of Advanced Persistent Threats

Last update: February 23, 2004

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Network Security Threat Matrix May 2004

Web App Security Audit Services

Seven Practical Steps to Delivering More Secure Software. January 2011

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis

IQware's Approach to Software and IT security Issues

SecurityMetrics Vision whitepaper

Entire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center

Network Security Audit. Vulnerability Assessment (VA)

Don t Get Burned! Are you Leaving your Critical Applications Defenseless?

The AppSec How-To: Achieving Security in DevOps

2,000 Websites Later Which Web Programming Languages are Most Secure?

Web Application Security

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

Protecting Your Organisation from Targeted Cyber Intrusion

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

Integrating Security Testing into Quality Control

The Security Organization p. 1 Anecdote p. 2. Introduction

Software Application Control and SDLC

The Intelligent, Proactive Information Assurance and Security Technology IPDM

IBM Rational AppScan: Application security and risk management

Excellence Doesn t Need a Certificate. Be an. Believe in You AMIGOSEC Consulting Private Limited

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

FACING SECURITY CHALLENGES

EC-Council. Certified Ethical Hacker. Program Brochure

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

Understanding Security Testing

Threat Modelling for Web Application Deployment. Ivan Ristic (Thinking Stone)

Web Application security testing: who tests the test?

Cisco Advanced Services for Network Security

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Transcription:

Threat Modeling Deepak Manohar

Outline Motivation Past Security Approaches Common problems with past security approaches Adversary s perspective Vs Defender s perspective Why defender s perspective? Threat Modeling Overview Knowledge gained from Previous versions ACE Threat Modeling V2.0 Demo Conclusion

Motivation Why we should focus on Securing applications. "75 percent of hacks happen at the application." - Lanowitz Gartner predicts that if 50 percent of software vulnerabilities were removed prior to production use for purchased and internally developed software, enterprise configuration management costs and incident response costs each would be reduced by 75 percent. Why current security protection mechanisms are an afterthought or don t address the actual issue? Firewalls, IDS are network/perimeter based attack detection systems Security needs to be baked in Why Threat Modeling? Cost of fixing bugs Design time, Deployment time Cost of identifying required security controls at design time vs post implementation

Age of Application Security Desktop Security - Anti-virus Network Security - Firewalls, IDS http://payroll http://finance Application Security - Secure Development - Code Scanning

Past Security Approaches Penetration Testing Attempt to impersonate the adversary and break-in Security Code Reviews Detect security flaws in code base Security Design Reviews Detect security flaws in software architecture Identify as many vulnerabilities as possible Ideology similar to early testing ideology

Common Problems with Past Security Approaches No plan - almost random vulnerability searching No protection profile generated Similar treatment irrespective of Assurance level Looks at security from an adversarial perspective Cost Benefit analysis not easy

Adversary s Perspective Vs Defender s Perspective Adversary s Perspective Objective Break the application Looking for vulnerabilities that can used to carry out an attack Vulnerabilities and attacks are simply a means to an end Shortcoming relationship between time and vulnerabilities discovered Defender s Perspective Objective Protect the application Identify assets rank assets Protect assets Build protection mechanisms (protection profile) around assets Engineer security into solution

Why Defender s Perspective? What to protect? Prioritize effort based on asset value Build a protection profile Bake security in Better Cost Benefit Analysis

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. - Sun Tzu, The Art of War

Who we are ACE ACE Application Consulting and Engineering ACE Security ACE Performance ACE Engineering ACE Services

Threat Modeling Overview Solid Understanding Application Architecture Systematically Identify and Rate threats Address rated threats with appropriate countermeasures

Threat Modeling Definitions Threat Realized through Possibility of something bad happening Attacks How it happens (the exploit) Materialize through Vulnerabilities Mitigated with Why it happens (the cause) Countermeasures How to prevent it (the fix)

If a negative business impact cannot be illustrated, it s not a threat!

Knowledge gained from previous versions Application developers and security Threats need to be generated systematically Avoid brainstorming threats Conversion from BRD/FSD/TSD Complexity of threat modeling process Entry point/exit point Data flow diagrams Control flow diagrams Application developers Mentality Time Difficult to quantify threat agent s skill

Objectives for ACE Threat Modeling? Threat modeling methodology focused on typical enterprise IT (LOB) applications Objective: Provide a consistent methodology for objectively identifying and evaluating threats to applications Translates technical risk to business impact Empower the business to manage risk Creates awareness of the security dependencies and assumptions All without requiring security subject matter expertise

ACE Threat Modeling Benefits Benefits for Application Teams Translates technical risk to business impact Provides a security strategy Prioritize security features Understand value of countermeasures Benefits for Security Team More focused Security Assessments Translates vulnerabilities to business impact Improved Security Awareness Bridges the gap between security teams and application teams

What is ACE Threat Modeling? Identify all possible threats to assets in applications Identify the misuse cases for an application Prioritize threats Provide controls to eliminate/mitigate threats Provide application specific countermeasures (security features)

Anatomy of a Threat Application Context Security Team Expertise Threats Attacks Vulnerabilities Countermeasures Application Team Expertise

Decomposing the Application Context Roles Components Data

Application Context Rules Roles can interact with Components through defined Actions Components can interact with Components through defined Actions Data is stored inside Components Components can Create, Read, Update or Delete Data Data can flow between 2 interacting Components Data can flow between interacting Role and Component

Generating Threats Application Context defines allowable actions Built by following our application context rules Systematic corruption of these actions are threats Automatic Threat Generation

ISO 15408 - Security relationship

Attacks Password Brute Force Buffer Overflow Canonicalization Cross-Site Scripting Cryptanalysis Attack Denial of Service Forceful Browsing Format-String Attacks HTTP Replay Attacks Integer Overflows LDAP Injection Man-in-the-Middle Network Eavesdropping One-Click/Session Riding/CSRF Repudiation Attack Response Splitting Server-Side Code Injection Session Hijacking SQL Injection XML Injection

Attack Library Collection of known Attacks Define, with absolute minimal information, the relationship between The exploit The cause The fix Use of dynamic SQL SQL Injection Ineffective or lacking input validation Use parameterized SQL statement Use stored procedure with no dynamic SQL Perform whitelist input validation

Threat-Attack Loose Coupling Compromised integrity of credit card numbers Security Team Expertise Compromised integrity of credit card numbers SQL Injection SQL Injection Use of dynamic SQL Ineffective or lacking input validation Use parameterized SQL statement Use stored procedure with no dynamic SQL Perform whitelist input validation Application Team Expertise

Transparency with Attack Library Application Context Threats Attacks Vulnerabilities Countermeasures

Threat Modeling & Security SMEs Attack Library created by security SMEs Verifiable and repeatable Security SME provides TM completeness Verifies that the threat model meets the application specifications Plugs knowledge gaps in the threat model New 0-day attack not part of the Attack Library Performs potential optimization

ACE Threat Modeling during SDLC Creation Signoff Assimilation SDLC Envision Design Develop / Purchase Test Release / Sustainment SDL-IT Application Entry / Risk Assessment Threat Model / Design Review Internal Review Pre-Production Assessment Post- Production Assessment Evolutionary Process

Threat Analysis & Modeling v2.0 Tool created to aid in the process of creating and assimilating threat models Automatic Threat Generation Automatic Attack coupling Provides a security strategy Maintain repository of Threat Models for analysis* Security landscape is evolving (new attacks, vulnerabilities, mitigations being introduced)

Threat Analysis & Modeling v2.0 (cont.) Analytics Data Access Control Matrix Component Access Control Matrix Subject-Object Matrix Component Profile Visualizations Call/Data/Trust Flow Attack Surface Threat Tree Reports Risk Owners Report Design/Development/Test/Operations Team Report Comprehensive Report

Tool Demo

Sample application User Roles Unregistered users Registered users Service Roles Webservice Role Database Role Data Customer Accounts Customer CCs Product Information Components Webservice Database Use Cases Unregistered, Registered users read product information Unregistered Users can create customer accounts

Summary Methodology evolved from years of experience Methodology streamlined to minimize the impact to existing development process Does not require security subject matter expertise Collecting already known data points Consistent & objective methodology Methodology optimized for SDL-IT integration

Question and Answer http://msdn.microsoft.com/security/securecode/threatmodeling/acetm/

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information