Published by Zander Boley
www.TASK.to © Toronto Area Security Klatch 2007
Threat Modeling With STRIDE and DREAD
Chuck Ben-Tzur, Security Consultant, Sentry Metrics
March 27, 2007

(Application) Threat Modeling
- A process to identify threats to the system and the associated risks, and to determine the correct controls to produce effective countermeasures
- The output is a list of rated threats. The threat model helps you focus on the most potent threats
- Intended to be used at the design phase of a system. However, it is usually implemented at the testing phase (vulnerability assessment)
- Not only for web applications. Can be (and should be...) applied to different types of systems (e.g. networks)

Threat Modeling (cont.)
The threat modeling process (introduced by Microsoft around 2002):
1. Identify assets
2. Create an architecture overview (subsystems, trust boundaries, data flow)
3. Decompose the application (build a security profile)
4. Identify the threats (STRIDE)
5. Document the threats
6. Rate the threats (DREAD)

STRIDE
A methodology for identifying and categorizing threats:
- S: Spoofing identity
- T: Tampering with data
- R: Repudiation
- I: Information disclosure
- D: Denial of service
- E: Elevation of privileges
“Business” oriented – easier for non-technical persons to relate to
Expands (can replace) the “map by mechanisms and subsystems” approach
Can also be used to identify threats (e.g. as a pen test checklist)

DREAD
A methodology for risk rating. Each vulnerability is graded in all of the following categories:
- D: Damage potential (0 – leaking trivial info, 5 – sensitive, 10 – admin level)
- R: Reproducibility (0 – very difficult to reproduce, 5 – three steps, 10 – web browser)
- E: Exploitability (0 – very skilled, 5 – can be automated, 10 – novice programmer)
- A: Affected users (0 – few users, 5 – some users, 10 – all users)
- D: Discoverability (0 – unlikely, 5 – accessible only to few users, 10 – published)
The overall risk rating formula: Rating = (D + R + E + A + D) / 5

Threat | D R E A D | Rate
Attacker obtains authentication credentials by monitoring the network | 10 5557 | High
SQL commands injected into application | 10 59 | High
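
An added example (not part of the original presentation): a small threat register that tags each threat with STRIDE categories, checks the DREAD grades against the 0-10 scale, applies the rating formula above and returns the list of rated threats, highest first. The class and function names and the sample threats and grades are constructed for illustration.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing identity", "T": "Tampering with data",
          "R": "Repudiation", "I": "Information disclosure",
          "D": "Denial of service", "E": "Elevation of privileges"}
DREAD = ("damage", "reproducibility", "exploitability",
         "affected_users", "discoverability")

@dataclass(frozen=True)
class Threat:
    description: str
    stride: str   # one or more STRIDE letters, e.g. "TE"
    scores: dict  # DREAD category name -> grade on the 0-10 scale

    def __post_init__(self):
        unknown = set(self.stride) - set(STRIDE)
        if not self.stride or unknown:
            raise ValueError(f"bad STRIDE letters: {self.stride!r}")
        if set(self.scores) != set(DREAD):
            raise ValueError("every DREAD category must be graded exactly once")
        for name, value in self.scores.items():
            if not 0 <= value <= 10:
                raise ValueError(f"{name} grade {value} is outside 0-10")

    @property
    def rating(self):
        # Rating = (D + R + E + A + D) / 5
        return sum(self.scores[name] for name in DREAD) / 5

def rated_threats(threats):
    """The threat model's output: threats ordered from highest to lowest rating."""
    return sorted(threats, key=lambda t: t.rating, reverse=True)

def grade(d, r, e, a, disc):
    """Build a scores dict from five grades given in D, R, E, A, D order."""
    return dict(zip(DREAD, (d, r, e, a, disc)))

# Constructed sample register; descriptions and grades are illustrative only.
REGISTER = [
    Threat("Session token readable on a shared network segment", "SI", grade(5, 10, 5, 5, 7)),
    Threat("Audit log entries can be edited by operators", "TR", grade(5, 5, 5, 0, 0)),
    Threat("Unvalidated input reaches a database query", "TE", grade(10, 10, 5, 10, 10)),
]

if __name__ == "__main__":
    for t in rated_threats(REGISTER):
        cats = ", ".join(STRIDE[c] for c in t.stride)
        print(f"{t.rating:4.1f}  [{cats}]  {t.description}")
```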

DREAD (cont.)

The OCTAVE Option
Operationally Critical Threat Asset and Vulnerability Evaluation
- Risk-based strategic assessment and planning technique for security
- Key differences:
  - Organization focused (as opposed to system)
  - Security practices (not technology specific)
  - Strategic issues (not relating to tactical aspects)
  - Self direction (security experts)
- Flexible: can be tailored for small and large organizations
- Focuses on the design and strategic planning of the organization
- Input is from both internal business and technical resources
- Not suitable for ad-hoc vulnerability assessments
http://www.cert.org/octave/

Resources
- Threat Modeling: http://msdn2.microsoft.com/en-us/security/aa570411.aspx
- Microsoft Threat Analysis & Modeling v2.1.1: http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
- Octave: http://www.cert.org/octave/
- Good book on the subject: Threat Modeling (Microsoft Professional)