Date post: | 19-Jan-2018 |
Category: |
Documents |
Upload: | aubrey-harvey |
View: | 219 times |
Download: | 0 times |
Presented byMike Sues, Ethical Hack Specialist
Threat Modeling
2Threat Modelling
Objectives To understand
The basics of threat modeling Where threat modeling fits in the SDLC Use and construction of attack trees
3
Talk Outline Threat modeling SDLC Attack trees
Threat Modelling
4
Motivation Threat Risk Assessment
Understand threats and risks Manage costs of mitigation Minimize the attack surface
Sales Increased security/privacy concerns C & A
Threat Modelling
5
Historically Lack of understanding of threats Security was an add-on
Band-aid solutions Use of security buzzwords/technology
Threat Modelling
6
Threat Modeling Threat Risk Assessment Apply appropriate controls Attack Trees
Threat Modelling
7
Goals Identify,
assets protected by the application threats to the assets
Develop, Mitigation strategies
Threat Modelling
8
Assets Data
Application Configuration Database records
Threat Modelling
9
Assets Examples
Application Code Configuration
User authentication credentials Business data
User data records Audit trails
Threat Modelling
10
Assets Value
Classification Monetary value
Replacement cost Intangible
Reputation
Threat Modelling
11
Threats Model application and data flows
High-level architectural diagram of application Model threats to assets
Multiple vectors Consider,
Asset Severity Likelihood Costs
Threat Modelling
12
Threats Taxonomy
S.T.R.I.D.E Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege
Threat Modelling
13
Threats Spoofing
Replay requests to a database server to gain unauthorized access to data
Tampering Defacement of a web site
Repudiation Deleting or modifying audit trail records
Information disclosure Gaining unauthorized access to data
Threat Modelling
14
Threats Denial of service
Crashing or flooding a service Elevation of privilege
Hijacking another user’s session with the application to gain access to the user’s data
Threat Modelling
15
Threats Attack trees
Graphically model attack goals & vectors Root of tree is the overall goal
e.g. Steal passwords Children are sub-goals
One step or multiple steps e.g. Collect plaintext passwords or shoulder surf e.g. Collect password hashes and crack hashes e.g. Gain privileged access and install keystroke
collector and exfiltrate password
Threat Modelling
16
Attack Trees
Threat Modelling
Steal passwords
Shoulder surf Collect sessions
Parse plaintextpassword
Parsepassword hash
Crackpassword hash
Gainremote access
Installkeystroke logger
Exfiltratepasswords
17
Attack Trees Node attributes
Cost Availability of tools etc
Threat evaluation Risk
Threat Modelling
18
Mitigation Rank threats
Prioritize Develop a strategy,
Ignore the risk Accept the risk Delegate the risk Fix the problem
Threat Modelling
19
Exercise HackMe Travel Identify assets Identify threats
STRIDE Build one attack tree
Threat Modelling
20
Conclusion Threat modeling,
Understanding the threat environment Manage costs of mitigation Guide to the application secure design
principles
Minimize an application’s attack surface
Threat Modelling
21
Conclusion Questions?
Threat Modelling
22
w w w. r i g e l k s e c u r i t y. c o m
Presented by Mike Sues,Ethical Hack Specialistm s u e s @ r i g e l k s e c u r i t y . c o m
Marie Pilon, Director of Operations t r a i n i n g @ r i g e l k s e c u r i t y . c o m
Rigel Kent Training - 180 Preston St. 3Rd Floor – Ottawa, On
1(613)233-HACK 1-877-777-H8CK