We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byZander Boley
Modified over 2 years ago
wwwTASK.to © Toronto Area Security Klatch 2007 Threat Modeling With STRIDE and DREAD Chuck Ben-Tzur Security Consultant Sentry Metrics March 27, 2007
wwwTASK.to © Toronto Area Security Klatch 2007 (Application) Threat Modeling A process to identify threats to the system, the associated risks and determine the correct controls to produce effective countermeasures The output is a list of rated threats. The threat model helps you to focus on the most potent threats Aimed to be used at the design phase of a system. However, usually implemented at the testing phase (vulnerability assessment) Not only for web applications. Can be (and should be...) applied to different type of systems (e.g. networks)
wwwTASK.to © Toronto Area Security Klatch 2007 Threat Modeling (cont.) The threat modeling process (introduced by Microsoft around 2002) Identify Assets Create architecture overview (subsystems, trust boundaries, data flow) Decompose the application (Build a security profile) Identify the threats (STRIDE) Document the threats Rate the threats (DREAD)
wwwTASK.to © Toronto Area Security Klatch 2007 STRIDE A methodology for identifying and categorizing threats S S poofing identity T T ampering with data R R epudiation I I nformation disclosure D D enial of service E E levation of privileges “Business” oriented – easier for non-technical persons to relate to Expand (can replace) the “map by mechanisms and subsystems” approach Can be used also to identify threats (e.g. as pen. test checklist)
wwwTASK.to © Toronto Area Security Klatch 2007 DREAD A methodology for risk rating. Each vulnerability is graded in all of the following categories: D D amage potential 0 – Leaking Trivial Info, 5 – Sensitive, 10 – Admin level R R eproducibility 0 – Very difficult to reproduce, 5 – three steps, 10 – web browser E E xploitability 0 – very skilled, 5 – can be automated, 10 – novice programmer A A ffected Users 0 – few users, 5 – some users, 10 – all users D D iscoverability 0 – unlikely, 5 – accessible only to few users, 10 - published The risk overall rate calculation formula: Rating = (D + R + E + A + D) / 5 ThreatDREADRate Attacker obtains authentication credentials by monitoring the network10 5557High SQL commands injected into application10 59High
wwwTASK.to © Toronto Area Security Klatch 2007 DREAD (cont.)
wwwTASK.to O perationally C ritical T hreat A sset and V ulnerability E valuation Risk-based strategic assessment and planning technique for security Key differences: Organization focused (as opposed to system) Security practices (not technology specific) Strategic issues (not relating to tactical aspects) Self direction (security experts) Flexible - can be tailored for small and large organizations Focuses on the design and strategic planning of the organization Input is from both internal business and technical resources Not suitable for ad-hoc vulnerability assessments http://www.cert.org/octave/ © Toronto Area Security Klatch 2007 The OCTAVE Option
wwwTASK.to © Toronto Area Security Klatch 2007 Resources Threat Modeling http://msdn2.microsoft.com/en-us/security/aa570411.aspx Microsoft Threat Analysis & Modeling v2.1.1 http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96- b7d1-944703479451&displaylang=en Octave http://www.cert.org/octave/ Good book on the subject Threat Modeling (Microsoft Professional)
Risk Assessment What is RISK? requires vulnerability likelihood of successful attack amount of potential damage Two approaches: threat modeling.
CSSE 492 Software Dependability Seattle University Computer Science & Software Engineering Winter 2007 Prof. Roshanak Roshandel.
What is RISK? requires vulnerability likelihood of successful attack amount of potential damage Two approaches: threat modeling OCTAVE Risk/Threat.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Documenting threats and vulnerabilities in a web services infrastructure Lieven Desmet DistriNet Research Group, Katholieke Universiteit Leuven, Belgium.
Chapter 1: Security Governance Through Principles and Policies.
Practical Threat Modeling for Software Architects & System Developers
Hands on Demonstration for Testing Security in Web Applications
Presented by Mike Sues, Ethical Hack Specialist Threat Modeling.
Application Threat Modeling Workshop
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Threat modeling Aalto University, autumn 2011.
Application Software Assurance Program (ASAP) Santosh S Kandala Technical Analyst Application Consulting & Engineering Anmol Malhotra.
Security Development Lifecycle. Microsoft SDL 概觀 The SDL is composed of proven security practices It works in development organizations regardless of.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Writing Secure Code – Best Practices Name Job Title Company.
Writing Secure Code – Best Practices
Module 7: Designing Security for Accounts and Services.
Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
April 3-5, 2005Security Professionals Conference Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring.
OBJECT ORIENTED SYSTEM ANALYSIS AND DESIGN. COURSE OUTLINE The world of the Information Systems Analyst Approaches to System Development The Analyst as.
SEC835 Database and Web application security Information Security Architecture.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
1 I ntegrated S ite S ecurity for G rids WP2 – Site Assessment Methodology, 20 June 2007 WP2 - Methodology ISS e G Integrated Site Security.
© Blackboard, Inc. All rights reserved. Developing Secure Software Bob Alcorn, Blackboard Inc.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Threat Modeling: Employing the 5 Ws Security Series, December 13, 2013 Jeff Minelli Penn State ITS
GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.
1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Risk Management Process Frame = context, strategies Assess = determine.
Secure Software Development Mini Zeng University of Alabama in Huntsville 1.
Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.
Architecting secure software systems
Cryptography and Network Security
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Integrated Enterprise-wide Risk Management Protecting Critical Information Assets and Records FIRM Forum.
Risk Assessment What is good about the Microsoft approach to threat modeling? OCTAVE… Advantage: ___________ Disadvantage: ___________ What is bad.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Applied Cryptography for Network Security
Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
A Framework for Automated Web Application Security Evaluation
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
UNIT-1 SOFTWARE PRODUCT AND PROCESS: Introduction – S/W Engineering paradigm – Verification – Validation – Life cycle models – System engineering –
Federal Information Security Management Act (FISMA) By K. Brenner OCIO Internship Summer 2013.
© 2017 SlidePlayer.com Inc. All rights reserved.