An Approach To Web Application Threat Modeling




By Akash Shrivastava, April 2008 (Akash.InfoSec@gmail.com)

1. Overview

In the present internet computing environment, one or the other form of security has become a requirement for all web applications. The importance of confidentiality, integrity and privacy is increasing day by day, and security has become vital in internet technology. To design a secure web application, it is very important to analyze and model the potential threats. Threat modeling is a procedure for optimizing network, application and internet security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. [5] A threat is a potential or actual undesirable event that may be malicious (such as a DoS attack) or incidental (information disclosure). Threat modeling is a planned activity for identifying and assessing application threats and vulnerabilities. Threat modeling is an ongoing process, so a framework should be developed and implemented by companies for threat mitigation. The aim of this paper is to identify relevant threats and vulnerabilities in the web application and build a security framework to help in designing a secure web application.

2. Practical Utilities of Threat Modeling

There are various vulnerabilities present in web applications. Organizations should invest in addressing vulnerabilities according to their impact on the organization. A vulnerability that can be exploited is a threat to the organization's functions and assets. Threat modeling can be used to:
- Identify potential threats that can be exploited to launch a successful attack against the application and the organization's assets.
- Design the application to meet the security objectives.
- Help in making key engineering decisions while prioritizing potential threats.
- Identify the vulnerabilities that are actually critical in the unique environment, such as the company network.
- Prioritize and reduce the risk of security issues arising during development and operations. [8]

3. Procedure of Web Application Threat Modeling

The major steps involved in threat modeling of a web application are listed below:
- Security Objectives Identification
- Assets Identification
- Application Walkthrough
- System Modeling
- Threats Identification
- Vulnerabilities Identification
- Threat Agent Selection
- Threat History Examination
- Prioritizing the Assets & Vulnerabilities
- Threat Impact Analysis

3.1 Security Objectives Identification: Security objectives are goals and constraints related to the confidentiality, integrity, and availability of customers' data and applications. The security objectives are:
- Protect customer account details and customer credit history; for example, prevent attackers from obtaining sensitive customer data, including passwords, profile information, financial history, customer credit card numbers, bank details, or travel itineraries.
- Ensure the availability of the application at any time, i.e. meet Service-Level Agreements (SLAs) for application availability, or meet compliance requirements or standards.
- Prevent unauthorized users from modifying information, especially financial information.
- Honor the guarantee the company makes to its customers about service availability and the confidentiality or integrity of their data, such as protecting the company's online business credibility.

3.2 Assets Identification: An asset is a resource of value, and that value varies by perspective. To the business, an asset might be the availability of information, or the information itself, such as customer data. It is important to identify and create a list of assets; this involves considering every potential company asset and deciding whether or not it fits within the "security perimeter". Following is a list of common sensitive assets [7]:
- Computers and laptops
- Routers and networking equipment
- Printers & fax machines
- Cameras, digital or analog, with company-sensitive photographs
- Data - sales, customer information, employee information
- Company smartphones/ PDAs
- VoIP phones, IP PBXs (digital version of phone exchange boxes), related servers
- VoIP or regular phone call recordings and records
- Email
- Log of employees' daily schedule and activities
- Web pages, especially those that ask for customer details and those that are backed by web scripts that query a database
- Web server computer
- Security cameras
- Employee access cards
- Access points (i.e., any scanners that control room entry)
To an attacker, an asset could be the ability to misuse an application for unauthorized access to data or privileged operations.

3.3 Application Walkthrough: In this step the web application is summarized into what it does, its communication and security mechanisms, etc. This step is all about acquiring the maximum possible information about the target application. The objective is to identify the application's key functionality, characteristics, roles, key usage, technology and security mechanisms. This will help to identify relevant threats during the Threats Identification phase. The following things need to be considered to create an application walkthrough:
- Gather details about the deployment topology, logical layers, key services, communication ports and protocols.
- Identify the application's roles, i.e. who can do what within your application: higher-privileged groups of users, internal users and administrators, guest users and internet users, and web service or database roles.
- It is a very important factor to identify the key usage scenarios of your application. What are the important features of your application? What does it do? Some typical scenarios will be: a user views and searches products and adds them to the shopping cart; a registered user logs in and places an order through the shopping cart. Identifying the functionality and usage of the application helps you to understand how the application is projected to be used and how it can be misused.
- Identify and list the technologies and software that the application uses, for example operating system type, web server type and version, database, and the development technology used, i.e. .NET or C# or any other. This not only helps to put more focus on technology-specific threats but also helps us to determine the correct and most appropriate mitigation techniques.
- Identify which security mechanisms are being used by the application. Various key points should be considered when identifying application security mechanisms, for example:
  - Input and data validation
  - Authentication & authorization mechanism
  - Session management
  - Cryptography technique used
  - Auditing and logging

3.4 System Modeling: At the start of the threat modeling process, the security designer needs to understand the system thoroughly. With the help of the use cases and architectural model, a system model for the application can be created. The more you know about the application, the easier it is to expose threats and discover vulnerabilities. This step involves breaking down the application to create a security profile. The process of decomposition of the application involves understanding every component (website, web service or database) and its interconnections, defining usage scenarios, and identifying assumptions and dependencies (external or internal, such as AD, mail system etc.). There are different techniques that can be used to model a computing system. The following points can be considered to create a model of the application/system:
- Identify trust boundaries of the system, such as a perimeter firewall or the boundary between the web application and a third-party service.
- Draw the Data Flow Diagram (DFD) of the application, which dissects the application into its functional components and indicates the flow of data into and out of the various system components, such as the user login method or the data flow between the web application, database server and a third-party service or web service.
- Identify the entry points to the application, as they also serve as entry points for attacks, such as web requests through port 80 or port 443, login pages for internal and external users, admin pages etc.
- Identify exit points, as they can also be used as an attack vector, such as a search page which writes the client's search string and the corresponding results, or an index page which displays product details.
What we need is a system model that reveals the essential characteristics of the system and helps in identifying threats which may arise due to specific application logic or technology engaged in the application. The more complete and detailed the model is, the more successful the other stages will be.
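To make the decomposition step concrete, here is an added example (not code from the paper) that records a constructed shop application as components in trust zones plus the data flows of its DFD, then lists the flows that cross a trust boundary and the entry points each component exposes; every component name, zone, port, page and flow is an assumption for illustration.

```python
"""System model for the decomposition step in section 3.4 (added example,
not from the paper; every name, zone and flow below is constructed)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Component:
    name: str
    zone: str                 # trust zone: internet, dmz, internal, third-party
    entry_points: tuple = ()  # ports/pages through which the component is reached


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str                 # what travels along this edge of the DFD


@dataclass
class SystemModel:
    components: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, component: Component) -> None:
        self.components[component.name] = component

    def connect(self, src: str, dst: str, data: str) -> None:
        for name in (src, dst):
            if name not in self.components:
                raise KeyError(f"unknown component: {name}")
        self.flows.append(Flow(src, dst, data))

    def boundary_crossings(self) -> list:
        """Flows whose endpoints sit in different trust zones: each is a trust
        boundary on the DFD and a place to ask what could go wrong."""
        out = []
        for f in self.flows:
            zones = (self.components[f.src].zone, self.components[f.dst].zone)
            if zones[0] != zones[1]:
                out.append((f, "%s -> %s" % zones))
        return out

    def entry_points(self) -> dict:
        """Entry points per component; these double as entry points for attacks."""
        return {c.name: list(c.entry_points)
                for c in self.components.values() if c.entry_points}


def build_sample_model() -> SystemModel:
    """Constructed shop application: browser, web app, product service, DB, payment provider."""
    m = SystemModel()
    m.add(Component("Browser", "internet"))
    m.add(Component("WebApp", "dmz", ("tcp/443", "/login", "/admin", "/search")))
    m.add(Component("ProductService", "dmz", ("tcp/443 SOAP",)))
    m.add(Component("Database", "internal"))
    m.add(Component("PaymentProvider", "third-party"))
    m.connect("Browser", "WebApp", "credentials, search string")
    m.connect("WebApp", "ProductService", "product lookup")   # stays inside the DMZ
    m.connect("WebApp", "Database", "SQL query built from the search string")
    m.connect("Database", "WebApp", "product rows, customer profile")
    m.connect("WebApp", "PaymentProvider", "card number, amount")
    m.connect("WebApp", "Browser", "search results page")      # exit point
    return m
```

Of the six flows, only the product lookup stays inside one zone; the other five are the trust boundaries the threat identification step (3.5) walks through one by one.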

3.5 Threats Identification: In this step, those threats are identified which may affect the system and compromise the assets. Threat identification is the key to a secure system. Identifying threats consists of analyzing each entry/exit point, and examining the application tier-by-tier, layer-by-layer and feature-by-feature. The following threats could affect the application:
- Dictionary-based brute force attacks.
- Network eavesdropping between the browser and web server to capture client credentials.
- An attacker may capture cookies to take over the user's identity.
- SQL injection, which enables an attacker to make use of an input validation vulnerability to execute commands in the database and thereby access and/or modify data.
- Cross-site scripting through injecting script code.
- Information leakage.
- An attacker takes control of the web server, gains unauthorized access to the database and runs commands against the database, or gains unauthorized access to web server resources and static files.
- Discovery of encryption keys used to encrypt sensitive data (including client credit card numbers) in the database.

3.6 Vulnerabilities Identification: To identify weaknesses related to your threats, the layers of the application should be reviewed. Using vulnerability categories helps in focusing on those areas where mistakes are most often made. Common application vulnerabilities are:
- Authentication-related vulnerabilities, such as lack of password complexity enforcement or lack of password retry logic
- Unvalidated data & inputs: Is all input validated? How is it validated? Is it validated for type, length, format, and range? What does good data look like? Where is it validated?
- Exception handling: What information is needed for troubleshooting? What information should be presented to the end user? An attacker may gain useful exception details
- Providing detailed error messages to the end-user/client
- Weak encryption key, or an encryption key used with the wrong algorithm
- Revealing an administration function through the web application
- Remote code execution vulnerability
- SQL injection or cross-site scripting
- Username enumeration
- Parameter tampering
- Authorization manipulation and user privilege escalation
- Session & cookie

3.7 Threat Agent Selection: A threat agent is the person or event that has the ability to generate threats. In the above-mentioned scenario, the following are the main threat agents/events:
- Insiders and users
- Hackers and crackers (hacker/cracker groups)
- Worms, Trojans and viruses
- Natural and environmental events (floods, fire etc.)

3.8 Threat History Examination: Now we have a compiled list of current threats. But it is always better to also consider future threats which may arise. The first step towards predicting future threats is to examine the company's records and speak with long-time employees about past security threats that the company has faced. Most threats repeat themselves, so by cataloging the company's past experiences and including the relevant threats on your threat list you'll get a more complete picture of your company's vulnerabilities.

3.9 Prioritizing the Assets & Vulnerabilities: We have now developed a complete list of all the assets and security threats that the company may face. It is important to consider that not every asset or threat has the same priority level. In this step, we prioritize the assets and vulnerabilities in order to know the company's greatest security risks. The following steps should be taken to prioritize the assets & vulnerabilities:
- Develop a risk and probability calculation matrix
- Calculate risk
- Calculate probability
- Calculate impact
The implementation of a countermeasure depends on the criticality of the assets and vulnerabilities. There are various techniques available to prioritize threats and vulnerabilities. Microsoft's DREAD (Damage, Reproducibility, Exploitability, Affected Users, and Discoverability) model of prioritizing threats and vulnerabilities seems to be one of the popular methods.

3.10 Threat Impact Analysis: The term impact is used to indicate the result of a threat reaching an asset. Threat impact can be categorized as follows:
- Minor: minor loss of a business asset, no change in business order
- Moderate: business disruption, moderate changes in the way of conducting business
- Major: out of business unless countermeasures are deployed immediately
- Catastrophic: out of business from the moment that the threat was realized
The impact of a threat may affect market share, business capital, users, the trust of stakeholders & business partners, and company reputation. The immediate outcome of a threat reaching an asset could be disclosure, modification, destruction, loss, interruption or unauthorized access.
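As an added illustration of sections 3.9 and 3.10 (not code from the paper), this example rates constructed threats on the five DREAD categories the paper names, splits the rating into a probability side and an impact side as the 3.9 matrix asks, ranks the threats, and maps the impact side onto the four categories of 3.10; the threats, their 1-10 ratings and the category thresholds are all assumptions.

```python
"""DREAD prioritization for sections 3.9 and 3.10 (added example, not from
the paper; the threats and their 1-10 ratings below are constructed)."""
from dataclasses import dataclass

DREAD = ("damage", "reproducibility", "exploitability",
         "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str
    damage: int            # D: how bad is it if the threat is realised
    reproducibility: int   # R: how reliably can it be repeated
    exploitability: int    # E: how little effort/skill is required
    affected_users: int    # A: how many users are hit
    discoverability: int   # D: how easy is it to find

    def __post_init__(self) -> None:
        for key in DREAD:
            value = getattr(self, key)
            if not 1 <= value <= 10:
                raise ValueError(f"{key} must be 1..10, got {value}")

    def score(self) -> float:
        """Overall DREAD rating: mean of the five categories (1.0 .. 10.0)."""
        return sum(getattr(self, key) for key in DREAD) / len(DREAD)

    def probability(self) -> float:
        """Likelihood side of the 3.9 matrix: R, E and D averaged."""
        return (self.reproducibility + self.exploitability + self.discoverability) / 3

    def impact(self) -> float:
        """Impact side of the 3.9 matrix: damage and affected users averaged."""
        return (self.damage + self.affected_users) / 2


def impact_category(threat: Threat) -> str:
    """Map the impact rating onto the four categories of 3.10.
    The thresholds are an assumption for this example, not from the paper."""
    impact = threat.impact()
    if impact >= 9:
        return "Catastrophic"
    if impact >= 7:
        return "Major"
    if impact >= 4:
        return "Moderate"
    return "Minor"


def prioritize(threats: list) -> list:
    """Highest DREAD score first; ties broken by impact so damage wins."""
    return sorted(threats, key=lambda t: (t.score(), t.impact()), reverse=True)


# Constructed threat list drawn from the categories named in 3.5 and 3.6.
SAMPLE_THREATS = [
    Threat("SQL injection in product search", "customer data", 9, 9, 8, 10, 8),
    Threat("Dictionary attack on login page", "customer accounts", 6, 8, 6, 5, 9),
    Threat("Verbose error page leaks stack trace", "web server", 3, 10, 7, 2, 9),
    Threat("Encryption key recovered from database", "card numbers", 10, 3, 3, 10, 2),
]
```

Note that the key-recovery threat ranks last on the DREAD score (5.6) because its likelihood ratings are low, yet its impact category is Catastrophic; this is why the impact analysis of 3.10 is reported alongside the score rather than folded into it.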

4. Development of Security Threat Response Plan: In this step a primary response plan to each particular threat, based on the priority list of assets and vulnerabilities, should be developed. Although these security responses are not the only appropriate ways to deal with a security threat, they cover the vast majority of the threats the company faces. Apart from the primary response plan to the threats, the following implementations are required as part of the security strategy:
- Implementing network ACLs
- Implementing IDS/IPS
- Implementing IDM
- Backups
- Content & email filtering
- Implementing physical security

Conclusion: Modeling the application is important to identify threats and vulnerabilities in the application which may affect the company's business. It provides an understanding of the company's assets and of the risk to the application, assets and overall business. We have discussed potential threats to the application and the requirements for the threat modeling process. The threat modeling process provides a security framework to secure the web application. Using the framework is helpful in identifying threats and vulnerabilities in the system. While creating and implementing a framework for web application security, two main points are considered critical:
1. The most common mistakes which the developers make
2. The most proficient improvements
Based on the study, it can be concluded that modeling the application for present and future threats and vulnerabilities can provide a great level of security to the company. Security policies can be a very helpful practice in protecting networks from threats and vulnerabilities and in maintaining the confidentiality, integrity and availability of the system. Finally, being ever cautious and watchful will keep attackers at bay. So, it is always better to hide yourself from hackers, crackers and script kiddies to survive in today's technological environment.

References:
1. Understanding and Developing a Threat Assessment Model, Stilianos Vidalis and Andrew Blyth, University of Glamorgan.
2. J. D. Nosworthy, A Practical Risk Analysis Approach: Managing BCM Risk. Computers & Security, 2000, pp. 596-614.
3. Analyzing Threat Agents & Their Attributes, Dr. Stilianos Vidalis, Dr. Andrew Jones, University of Glamorgan.
4. Electronic Warfare Association Australia (URL: www.ewa-australia.com/infosec-stream2.htm)
5. http://searchsecurity.techtarget.com/sdefinition/0,290660,sid14_gci1166533,00.html
6. An Introduction to FAIR: The Factor Analysis of Information Risk (FAIR) Framework. (URL: http://fairwiki.riskmanagementinsight.com/?page_id=18)
7. http://www.itsecurity.com/features/it-security-audit-010407/
8. http://msdn2.microsoft.com/en-us/library/ms978516.aspx