Software Security - WordPress.com · 2015-05-31 · 2.2 Database availability The bank databases...

Software Security Assignment : Lab Report 2

Victor Bauer

Table of contents

Threat Model Information
  External Dependencies
  Entry Points
  Assets
  Trust Levels
Data flow diagrams
  General DFD
  Customer DFD
  Admin/staff DFD
STRIDE threat list
  Spoofing
    1) Spoofing of the Administrator
    2) Spoofing of the Customer
  Tampering
    1) Potential SQL injection
    2) Risks from logging
  Repudiation
    1) Insufficient Auditing
    2) Potential Weak Protections for Audit Data
  Information disclosure
    1) Weak Authentication Scheme
    2) Weak Credential Storage
  Denial of service
    1) Data Flow HTTPS Is Potentially Interrupted
    2) Potential Process Crash or Stop for Bank Web app
  Elevation of privilege
    1) Elevation Using Impersonation
    2) Elevation of Privilege Using Remote Code Execution
DREAD
Conclusion

Threat Model Information

APPLICATION VERSION: 1.0

DESCRIPTION: An online banking application allows customers to perform banking activities such as money transfers over the internet. The types of transactions supported by the application include bill payments, money transfers between the customer's own accounts and accounts in other bank institutions, account balance inquiries, transaction inquiries and bank statement requests. There are 3 types of users: Customers, Bank Staff & Admin.

DOCUMENT OWNER: Victor Bauer

PARTICIPANT: Victor Bauer

REVIEWER: Vincent Ryan

External Dependencies

ID  DESCRIPTION
1   The bank website will run on a Linux server. This server will be hardened as per the bank administrator. This includes the application of the latest operating system and application security patches.
2   The database server will be MySQL and it will run on a Linux server. This server will be hardened as per the bank administrator. This will include the application of the latest operating system and application security patches.
3   The connection between the Web Server and the database server will be over a private network.
4   The Web Server is behind a firewall and the only communication available is TLS.
5   The browser of the user is well hardened with anti-virus protection and the latest operating system and browser security patches.

Entry Points

ID  NAME  DESCRIPTION  TRUST LEVELS

1  HTTPS Port
   Description: The bank is only accessible via the TLS port, so all entries will come from this port.
   Trust levels: (1) Anonymous Web User; (2) User with Valid Login Credentials; (3) User with Invalid Login Credentials; (4) Bank Staff; (5) Bank Admin

2  Login Page
   Description: The customers, staff and admin need to log in before using the web application functions.
   Trust levels: (1) Anonymous Web User; (2) User with Valid Login Credentials; (3) User with Invalid Login Credentials; (4) Bank Staff; (5) Bank Admin

3  Login Function
   Description: All users will log in with this function. It compares the submitted credentials with the ones in the database.
   Trust levels: (2) User with Valid Login Credentials; (3) User with Invalid Login Credentials; (4) Bank Staff; (5) Bank Admin

4  Register Page
   Description: All new customers need to use this page to create a new account and gain access to the web application functions.
   Trust levels: (1) Anonymous Web User; (2) User with Valid Login Credentials; (3) User with Invalid Login Credentials; (4) Bank Staff; (5) Bank Admin

5  Register Function
   Description: The new customer supplies account information, personal information and credit card information to create a new account.
   Trust levels: (1) Anonymous Web User

6  Bank main page
   Description: The splash page for the bank website is the entry point for all users.
   Trust levels: (1) Anonymous Web User; (2) User with Valid Login Credentials; (3) User with Invalid Login Credentials; (4) Bank Staff; (5) Bank Admin

Assets

ID  NAME  DESCRIPTION  TRUST LEVELS

1  Bank customers, staff & admin
   Description: Assets relating to customers, staff and admin.

1.1  Customer login details
     Description: The login credentials that a customer will use to log into the College Library website.
     Trust levels: (2) User with Valid Login Credentials; (6) Web Server Process; (7) Database Read User; (8) Database Read/Write User; (10) Database Read Admin; (11) Database Read/Write Admin

1.2  Staff login details
     Description: The login credentials that a bank's staff person will use to log into the College Library website.
     Trust levels: (4) Bank Staff; (6) Web Server Process; (9) Database Read Staff; (10) Database Read Admin; (11) Database Read/Write Admin

1.3  Admin login details
     Description: The login credentials that a bank's admin person will use to log into the College Library website.
     Trust levels: (5) Bank Admin; (6) Web Server Process; (10) Database Read Admin; (11) Database Read/Write Admin

1.4  Personal Data
     Description: The bank server will store personal information about the users, and the customers can retrieve it.
     Trust levels: (2) User with Valid Login Credentials; (6) Web Server Process; (7) Database Read User; (8) Database Read/Write User; (9) Database Read Staff; (10) Database Read Admin; (11) Database Read/Write Admin

1.5  Credit card Data
     Description: The bank server will store credit card information of the customers, and the customers can retrieve it.
     Trust levels: (2) User with Valid Login Credentials; (6) Web Server Process; (7) Database Read User; (8) Database Read/Write User; (10) Database Read Admin; (11) Database Read/Write Admin

1.6  Bank account Data
     Description: The bank server will store information about the accounts of the customers, and the customers can retrieve it.
     Trust levels: (2) User with Valid Login Credentials; (4) Bank Staff; (6) Web Server Process; (7) Database Read User; (8) Database Read/Write User; (9) Database Read Staff; (10) Database Read Admin; (11) Database Read/Write Admin

2  System
   Description: Assets relating to the underlying system.

2.1  Web page availability
     Description: The bank webpage has to be available 24 hours a day to the customers, staff & admin.
     Trust levels: (5) Bank Admin

2.2  Database availability
     Description: The bank databases have to be available 24 hours a day to customers, staff & admin.
     Trust levels: (5) Bank Admin

2.3  Execute source code
     Description: This is the ability to execute source code on the web server.
     Trust levels: (5) Bank Admin; (6) Web Server Process

2.4  Execute SQL read queries
     Description: This is the ability to execute read SQL queries, with the privilege associated with the logged-in account, to retrieve data from the server.
     Trust levels: (7) Database Read User; (8) Database Read/Write User; (9) Database Read Staff; (10) Database Read Admin; (11) Database Read/Write Admin

2.5  Execute SQL read/write queries
     Description: This is the ability to execute read/write SQL queries, with the privilege associated with the logged-in account, to retrieve data from the server.
     Trust levels: (8) Database Read/Write User; (11) Database Read/Write Admin

2.5  Check the logs
     Description: The administrator of the system should be able to check the logs of the site and the database.
     Trust levels: (5) Bank Admin

2.6  Data management
     Description: The administrator of the system should be able to add and remove data from the system.
     Trust levels: (5) Bank Admin; (11) Database Read/Write Admin

3  Website
   Description: Assets relating to the bank website.

3.1  Login Session
     Description: This is the login session, used by customers, staff & admin.
     Trust levels: (6) Web Server Process

3.2  Registration
     Description: The registration must be supplied with valid information, which allows the user to register with the bank.
     Trust levels: (6) Web Server Process

3.3  Access to the Database Server
     Description: Access to the database server allows you to administer the database, giving you full access to the database users and all data contained within the database.
     Trust levels: (10) Database Read Admin; (11) Database Read/Write Admin

3.4  Account balance
     Description: The balance of an account can be checked on the website.
     Trust levels: (2) User with Valid Login Credentials; (4) Bank Staff; (6) Web Server Process

3.5  Account Transaction
     Description: The customer can make transactions with the money in his account.
     Trust levels: (2) User with Valid Login Credentials; (6) Web Server Process

3.6  Bill payment
     Description: The customer can check and pay his bills on the website.
     Trust levels: (2) User with Valid Login Credentials; (6) Web Server Process

3.7  Bank statement request
     Description: This is a functionality which allows you, as a customer, to request a bank statement for your account.
     Trust levels: (2) User with Valid Login Credentials; (6) Web Server Process

Trust Levels

ID  NAME  DESCRIPTION
1   Anonymous Web User                  A user who has connected to the bank website but has not provided valid credentials.
2   User with Valid Login Credentials   A user who has connected to the bank website and has logged in using valid login credentials.
3   User with Invalid Login Credentials A user who has connected to the bank website and is attempting to log in using invalid login credentials.
4   Bank Staff                          A member of the staff of the bank.
5   Bank Administrator                  A member of the bank's IT administration.
6   Web Server Process                  An entity that the web server executes code as and authenticates itself against the database server as.
7   Database Read User                  The database user account used to access the database for read access.
8   Database Read/Write User            The database user account used to access the database for read and write access.
9   Database Read Staff                 The database staff account used to access the database for read access.
10  Database Read Admin                 The database admin account used to access the database for read access.
11  Database Read/Write Admin           The database admin account used to access the database for read and write access.

Data flow diagrams

General DFD [diagram]

Customer DFD [diagram]

Admin/staff DFD [diagram]

STRIDE threat list

Spoofing: Spoofing is when a process or entity claims to be something other than its real identity. Examples include substituting a process, a file, a website or a network address.

1) Spoofing of the Administrator: The Administrator may be spoofed by an attacker with a MitM attack. It may result in a complete failure of the security system, granting the attacker access to all the databases and all functionality on them. It can be countered with TLS communication and session tokens.

2) Spoofing of the Customer: The customer may be spoofed by an attacker. It may result in the loss of access to the account, and grant the attacker access to the bill functionality, account balance, money transfers and personal information.

Tampering: Tampering is the act of altering bits. Tampering with a process involves changing bits in the running process. Similarly, tampering with a data flow involves changing bits on the wire or between two running processes.

1) Potential SQL injection: Tampering with the incoming data may result in an SQL injection into the different databases, which may execute malicious code sent by the attacker. It can be countered by prepared statements and a careful elaboration of database privileges.
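The prepared-statement countermeasure, shown as an added example that is not part of the report. It uses an in-memory SQLite table as a constructed stand-in for the bank's MySQL users table (the table layout, the sample row and the function names are assumptions); the same placeholder mechanism exists in MySQL drivers, only the placeholder token differs. The "before" function pastes the submitted username into the statement text, so a plain apostrophe in a legitimate name already reaches the SQL parser and breaks the statement; the "after" function binds the value as data.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the bank's MySQL users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password_hash) VALUES ('alice', 'hash-of-alice-pw')"
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str):
    # BEFORE: the submitted username becomes part of the statement text, so any
    # quote character in it is parsed as SQL rather than treated as data.
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str):
    # AFTER: prepared statement. The driver sends the value separately from the
    # statement, so it can never change the statement's structure.
    # (MySQL drivers such as mysql-connector use %s as the placeholder.)
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def quote_reaches_parser(conn: sqlite3.Connection, username: str) -> bool:
    """True when the vulnerable query fails to parse for this input: proof that
    the input was interpreted as SQL instead of as a value."""
    try:
        lookup_user_vulnerable(conn, username)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    name = "o'brien"  # a legitimate username containing an apostrophe
    print("vulnerable query broken by apostrophe:", quote_reaches_parser(db, name))
    print("safe query result for same input:", lookup_user_safe(db, name))
```

The second half of the countermeasure named in the report, database privileges, belongs to the connection rather than the query: the login lookup only needs the read-only account of trust level (7), so even a query that did get tampered with would run without write privileges.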

2) Risks from logging: Tampering through the logs could be possible. The log files need to be sanitized, with a simple implementation of a single reader.

Repudiation: Repudiation threats involve an adversary denying that something happened.

1) Insufficient Auditing: We need to be sure that our log files capture everything happening on the server, the website and the database, so that we can counter an attacker denying that he did something. The system needs to be correctly handled and maintained by the IT team.

2) Potential Weak Protections for Audit Data: Even if the auditing is sufficient, the attacker may try to falsify the logs in order to be invisible or to erase his traces. Ensure access to the log is through a reference monitor, which controls read and write separately. Document what filters, if any, readers can rely on, or writers should expect.
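An added example, not code from the report, covering both the logging item under Tampering (sanitizing what gets written) and the audit-data item above (a single controlled reader, and write protection). Writers have every control character in their fields escaped so that user-controlled text cannot forge a new log line; each record carries an HMAC chained to the previous record, so an edit to any stored record is detected by verify(); and read access is limited to the Bank Admin trust level (5). The key, the role names and the record layout are assumptions for the example.

```python
import hashlib
import hmac
import json

# Assumed for the example: the MAC key is held by the log reference monitor,
# not by the web application that submits entries. Constructed demo key.
AUDIT_KEY = b"constructed-demo-key-do-not-reuse"
READERS = {"Bank Admin"}   # trust level (5) is the single permitted log reader
GENESIS = b"\x00" * 32


def sanitize(field: str) -> str:
    """Escape control characters (newline included) so that a user-controlled
    value such as a username cannot inject a fake line or terminator."""
    return "".join(ch if ch.isprintable() else "\\x%02x" % ord(ch) for ch in field)


class AuditLog:
    def __init__(self, key: bytes = AUDIT_KEY):
        self._key = key
        self._entries = []      # list of (record_json, mac_hex)
        self._prev = GENESIS

    def append(self, actor: str, action: str, detail: str) -> str:
        """Writer side: every field is sanitized, and the MAC covers the
        previous MAC, so records cannot be altered or reordered unnoticed."""
        record = json.dumps(
            {"seq": len(self._entries), "actor": sanitize(actor),
             "action": sanitize(action), "detail": sanitize(detail)},
            sort_keys=True,
        )
        mac = hmac.new(self._key, self._prev + record.encode(), hashlib.sha256).digest()
        self._entries.append((record, mac.hex()))
        self._prev = mac
        return record

    def read(self, role: str):
        """Reader side: the reference monitor checks the role before returning anything."""
        if not reader_allowed(role):
            raise PermissionError(f"{role} may not read the audit log")
        return [record for record, _ in self._entries]

    def verify(self) -> int:
        """Return -1 if the chain is intact, else the index of the first bad record."""
        prev = GENESIS
        for i, (record, mac_hex) in enumerate(self._entries):
            expected = hmac.new(self._key, prev + record.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected.hex(), mac_hex):
                return i
            prev = expected
        return -1


def reader_allowed(role: str) -> bool:
    return role in READERS


def tamper_demo():
    """Constructed scenario: a record is edited after the fact; verify() spots it."""
    log = AuditLog()
    log.append("alice", "login", "ok")
    log.append("alice", "transfer", "to=bob amount=100")
    before = log.verify()                          # -1: chain intact
    record, mac = log._entries[1]
    log._entries[1] = (record.replace("alice", "mallory"), mac)
    after = log.verify()                           # 1: second record no longer matches
    return before, after


if __name__ == "__main__":
    print(sanitize("ok\nforged line"))
    print(tamper_demo())
```

The chain detects modification and reordering of stored records, but truncating the tail is only detectable if the most recent MAC is also kept somewhere the writer cannot reach (for instance, handed to the reader process on each append); that is the "filters readers can rely on" the report asks to document.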

Information disclosure: Information disclosure happens when information can be read by an unauthorized party.

1) Weak Authentication Scheme: A weak authentication scheme results in a breakable application. The credentials and information required to log in need to be strengthened to be secure from brute force attacks etc.

2) Weak Credential Storage: All the information stored in the database needs to be replaced by a hash, or needs to be salted and encrypted, in case the server is compromised.

Denial of service: Denial of service happens when a process or a data store is not able to service incoming requests or perform up to spec.

1) Data Flow HTTPS Is Potentially Interrupted: If a data flow is interrupted by a DoS or an internal server error, the users' functionality cannot execute well and the customers may lose information.

2) Potential Process Crash or Stop for Bank Web app: A DoS attack may crash the web application, making the website unreachable for the users. Blacklisting, IP checks, some algorithms and rate limiting can minimize the attack.
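A sliding-window rate limiter with lockout, added here as an example (not the report's code) of the rate limiting named under denial of service; keyed by client IP it throttles request floods, and keyed by account name it is also the brute-force protection the Weak Authentication Scheme item asks for. The clock is passed in explicitly so the behaviour is deterministic; the limits, the lockout length and the sample IP are constructed values.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key. Once the
    limit is reached the key is locked out for `lockout` seconds."""

    def __init__(self, limit: int, window: float, lockout: float):
        self.limit, self.window, self.lockout = limit, window, lockout
        self._events = defaultdict(deque)   # key -> timestamps inside the window
        self._locked_until = {}             # key -> time the lockout ends

    def allow(self, key: str, now: float) -> bool:
        if now < self._locked_until.get(key, float("-inf")):
            return False                    # still locked out
        q = self._events[key]
        while q and now - q[0] >= self.window:
            q.popleft()                     # drop events that left the window
        if len(q) >= self.limit:
            self._locked_until[key] = now + self.lockout
            return False
        q.append(now)
        return True


def simulate_login_attempts():
    """Constructed scenario: 5 attempts per minute per source, 5-minute lockout.
    Eight attempts from one address at t = 0..5, 100 and 400 seconds."""
    limiter = SlidingWindowLimiter(limit=5, window=60, lockout=300)
    times = [0, 1, 2, 3, 4, 5, 100, 400]
    return [limiter.allow("203.0.113.7", t) for t in times]


if __name__ == "__main__":
    # Expected: first five allowed, sixth triggers the lockout, t=100 still
    # locked, t=400 allowed again once the lockout has expired.
    print(simulate_login_attempts())
```

For the brute-force case, key the limiter on the account name as well as the source address, otherwise an attacker spreading attempts over many addresses is never throttled; for the flood case, enforce the limit as close to the edge (firewall or reverse proxy) as possible so the web application process is not the one absorbing the load.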

Elevation of privilege: A user subject gains increased capability or privilege by taking advantage of an implementation bug.

1) Elevation Using Impersonation: Impersonation is theoretically countered by the measures above, so an elevation of privilege may not succeed by this route. We can also add CSRF and XSS countermeasures to avoid impersonation.

2) Elevation of Privilege Using Remote Code Execution: The entire application needs to sanitize all incoming data, in order to avoid any remote code execution or software exploit.

DREAD

Damage potential: What are the consequences of a successful exploit?
Reproducibility: Would an exploit work every time or only under certain circumstances?
Exploitability: How difficult is it to perform the attack?
Affected users: How many users would be affected by a successful exploit, and how important are these users?
Discoverability: How likely is it that an attacker will know the vulnerability exists?

Threat                   D   R   E   A   D   Avg
Spoofing                 9   8   8   9  10   8.8
Tampering               10   7   9   8   8   8.4
Repudiation              6   7   3   9   3   5.6
Information disclosure   8   8   5   9   3   6.6
Denial of service        8   9   8  10  10   9
Elevation of privilege  10   9   3   9   3   6.8

Conclusion: Threat modelling is very important and needs to be done before the creation of the application. Even if it costs a lot, I think it will always be worth it. It improves the security of the application, not only because someone is there to tell you how to build a countermeasure, but because the simple fact of being aware of the risks and threats, and where they come from, will strengthen the way some people code. As for the tools, they are very helpful and time-saving, but they need to be used correctly, so a novice cannot use them properly.

