Application Security and Threat Modeling

Ben Hickman
VP Engineering
ben.hickman@sftsrc.com
Agenda

 Why Worry?
 Creating a Security Process
 Threat Models
 The Threat Modeling Process
 Secure Programming Principles
 Security Testing
 Questions?
Why Worry?

 Attacks are increasing
 Attack complexity is increasing
    stack overruns, heap overruns, format strings, integer overflow, …
 Time from vulnerability discovery to exploit is decreasing
 Security is a requirement or a competitive advantage

 [Chart: CERT incidents reported per year, 1988–2003, y-axis 0 to 140,000
  (source: http://www.cert.org/stats/cert_stats.html)]
Creating a Security Process

 People
    Train and keep current in application security: architects, developers, testers
    Stay disciplined about security
    Stay current with the state of the art

 Process
    Make security a critical part of design, development, testing, and deployment
    Security threat analysis as part of every design
    Design and code reviews
    External audits

 Technology
    Build tools, automate as much as possible
    Select technology with a security focus
A Security Framework: SD3

 Secure by Design
    Engineer training
    Secure architecture
    Security code reviews
    Threat modeling
    Reduce vulnerabilities in code

 Secure by Default
    Reduce attack surface area
    Unused features off by default
    Run with least privilege

 Secure in Deployment
    Protect, detect, defend, recover, manage
    Process: how-to's, architecture guides
    Proper training
Threat Models

 You cannot build secure applications unless you
 understand your threats
    “We use SSL!”
    “We have a firewall!”
 Create a security analysis of your application
    Find different bugs than code review and testing
    Find layered security bugs
    Quantify your attack surface
    Starting point for testing
The Sample Application

 [Diagram: components of the sample bill payment application]
    External actors: User, Administrator, Developer
    User-facing: User Interface (on the Web server), Web service client
    Administrative: Administrative Application, Admin interface logic
    Developer-facing: Upload interface
    Core: Bill payment business logic, Web server
    Data stores: Authentication Data, Bill Payment Data
The Threat Modeling Process

1.   Decompose the application
2.   Determine the threats
3.   Rank the threats by decreasing risk
4.   Choose how to respond to the threats
5.   Choose mitigation techniques
1. Decompose The Application

 Diagram the flow of data and/or control
    Data flow diagrams
    UML activity diagrams
 Recursively decompose the application into systems
    First determine trust boundaries
    Define subsystems
1. Decompose The Application continued

 Go n levels deep
    2, 3, 4, …
    Until you understand the processes in the application
 Consider:
    Define the scope, not every inner working
    Identify data sources and processes
    Identify request target and response recipients
    Flow of data/control across trust boundaries
Context Data Flow Diagram

 [Diagram: context-level DFD; trust boundary between the Internet and the Data center]
    Admin      --Admin task request-->     Bill Payment application
    Admin      <--Admin task response--    Bill Payment application
    User       --Bill payment request-->   Bill Payment application
    User       <--Bill payment response--  Bill Payment application
    Developer  --Update files-->           Bill Payment application
Level 1 Data Flow Diagram (partial)

 [Diagram: level 1 DFD of the bill payment request path inside the Data center.
  Boundaries: Internet | Data center, plus a machine boundary in front of the
  Bill payment data store]
    User -> Service client: Bill payment request
    Service client -> User: Bill payment response
    Service client <-> Authentication Data: Credentials out, Auth status back
    Service client -> Enforce bill payment policy: Bill payment request
    Enforce bill payment policy -> Access data: Bill payment data request
    Access data <-> Bill payment data (store, across the machine boundary):
        Bill payment data request out, Bill payment data back
    Access data -> Enforce bill payment policy -> Service client: Bill payment response
    Request page / Requested code exchanged with the Web pages and Web service code stores
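Decomposition pays off when the diagram is something you can query: the flows that cross a trust boundary are exactly the places where the next step (determining threats) starts. The block below is an added example, not part of the deck; it encodes the elements and flows of the Level 1 diagram above as data and lists the boundary crossings. The trust zones assigned to each element (`internet`, `web_tier`, `data_tier`) and the inbound/outbound labelling are assumptions made for this example.

```python
"""Encode a data flow diagram and list the flows that cross trust boundaries.

Added example, not part of the original deck. Element and flow names follow
the Level 1 DFD of the sample bill payment application; the trust zone of
each element is an assumption made for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Trust zones, ordered from least to most trusted (assumed for this example).
ZONE_RANK = {"internet": 0, "web_tier": 1, "data_tier": 2}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process", or "store"
    zone: str   # key of ZONE_RANK


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str


ELEMENTS: Dict[str, Element] = {e.name: e for e in [
    Element("User", "external", "internet"),
    Element("Service client", "process", "web_tier"),
    Element("Web pages", "store", "web_tier"),
    Element("Authentication data", "store", "web_tier"),
    Element("Enforce bill payment policy", "process", "web_tier"),
    Element("Access data", "process", "data_tier"),
    Element("Bill payment data", "store", "data_tier"),
]}

FLOWS: List[Flow] = [
    Flow("User", "Service client", "Bill payment request"),
    Flow("Service client", "User", "Bill payment response"),
    Flow("User", "Web pages", "Request page"),
    Flow("Web pages", "User", "Requested code"),
    Flow("Service client", "Authentication data", "Credentials"),
    Flow("Authentication data", "Service client", "Auth status"),
    Flow("Service client", "Enforce bill payment policy", "Bill payment request"),
    Flow("Enforce bill payment policy", "Access data", "Bill payment data request"),
    Flow("Access data", "Bill payment data", "Bill payment data request"),
    Flow("Bill payment data", "Access data", "Bill payment data"),
    Flow("Access data", "Enforce bill payment policy", "Bill payment data"),
    Flow("Enforce bill payment policy", "Service client", "Bill payment response"),
]


def boundary_crossings(elements, flows) -> List[Tuple[Flow, str]]:
    """Return every flow whose endpoints sit in different trust zones.

    'inbound' = from a less trusted zone into a more trusted one (needs
    authentication and input validation); 'outbound' = the reverse
    (needs authorization and care about what gets disclosed)."""
    out = []
    for f in flows:
        src_zone = elements[f.src].zone
        dst_zone = elements[f.dst].zone
        if src_zone == dst_zone:
            continue
        direction = "inbound" if ZONE_RANK[src_zone] < ZONE_RANK[dst_zone] else "outbound"
        out.append((f, direction))
    return out


def unreachable_stores(elements, flows) -> List[str]:
    """Sanity check on the model: a data store with no flow in or out is
    almost always a modelling omission, not a secure design."""
    touched = {f.src for f in flows} | {f.dst for f in flows}
    return sorted(e.name for e in elements.values()
                  if e.kind == "store" and e.name not in touched)


if __name__ == "__main__":
    for flow, direction in boundary_crossings(ELEMENTS, FLOWS):
        print(f"{direction:8s} {flow.src} -> {flow.dst}: {flow.data}")
    print("stores without flows:", unreachable_stores(ELEMENTS, FLOWS))
```

Six of the twelve flows cross a boundary; the three inbound ones (the two from the User and the request across the machine boundary into Access data) are where STRIDE analysis should start.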
2. Determine The Threats

  Use STRIDE to categorize the threats
     Spoofing identity
     Tampering with data
     Repudiation
     Information disclosure
     Denial of service
     Elevation of privilege
Spoofing Identity

  An attacker poses as another user or a machine poses
  as a valid/trusted machine
  Examples
     Basic HTTP authentication sends credentials in the clear
     Credentials or tokens stored in HTTP cookies
     Authentication tokens in the clear on the wire
     Intercepting DNS requests – DNS spoofing
Tampering With Data

 Attacker modifies data
 Examples
    SQL injection to modify database data
    Modifying data on the wire, in transit
    Unsecured access to pages and components
    HTTP Cookies
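The first tampering example, SQL injection used to modify data, is worth seeing in code. The block below is an added example, not from the deck: a vulnerable update of a payee account beside the parameterized version. The `payees` schema, the two rows and the injection payload are constructed for this example; the database is an in-memory SQLite file.

```python
"""Tampering with data via SQL injection: vulnerable query beside the fix.

Added example, not from the original deck. The schema, the account rows
and the payload are constructed for this example.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payees (user TEXT, payee TEXT, account TEXT)")
    conn.executemany("INSERT INTO payees VALUES (?, ?, ?)", [
        ("alice", "Power Co", "1001"),
        ("bob", "Water Co", "2002"),
    ])
    conn.commit()
    return conn


def update_account_vulnerable(conn, user: str, payee: str, account: str) -> None:
    # String concatenation puts attacker-controlled text into the SQL itself.
    sql = (f"UPDATE payees SET account = '{account}' "
           f"WHERE user = '{user}' AND payee = '{payee}'")
    conn.execute(sql)
    conn.commit()


def update_account_fixed(conn, user: str, payee: str, account: str) -> None:
    # Parameters are bound by the driver; a value can never change the
    # statement's structure, so the WHERE clause always applies.
    conn.execute("UPDATE payees SET account = ? WHERE user = ? AND payee = ?",
                 (account, user, payee))
    conn.commit()


def accounts(conn) -> dict:
    return {u: a for u, a in conn.execute("SELECT user, account FROM payees")}


# Alice is a legitimate, authenticated user. The payload closes the string
# literal and comments out the WHERE clause, so every row is rewritten.
PAYLOAD = "9999' --"


def demo_vulnerable() -> dict:
    conn = make_db()
    update_account_vulnerable(conn, "alice", "Power Co", PAYLOAD)
    return accounts(conn)


def demo_fixed() -> dict:
    conn = make_db()
    update_account_fixed(conn, "alice", "Power Co", PAYLOAD)
    return accounts(conn)


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("fixed:     ", demo_fixed())
```

In the vulnerable run Bob's account is redirected too, even though Alice was only authorized to edit her own payees; in the fixed run the odd-looking string is stored verbatim in Alice's row and Bob's row is untouched. Authorization on the endpoint does not help here: the tampering happens inside a query the user was allowed to run.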
Repudiation

 No way to know what an attacker or user did
 Examples
    User performs an illegal operation and there is no trace
    of what happened
    Attacker gets a product ordered without paying and there
    is no audit trail
Information Disclosure

  Exposure of information to a user who is not supposed
  to see it
  Examples
     Reading on the wire
     Unsecured pages and components
     Error messages that reveal implementation details
Denial Of Service

  Attacker denies service to valid users
  Examples
     DDoS attacks
     Poorly behaved components that can be exploited
     Disabling a credential store
Elevation Of Privilege

  Unprivileged user gains privileged access
  Examples
     Install an .exe and wait for an admin logon
     Unsecured components that communicate to other
     services with admin rights
     Impersonation
Document The Threats

 Threat Trees
 Threat Outlines
 Threat Details
Threat Trees

  Describes the attacker's process

  Threat #1: Gain user's credentials (I, S, E)
     1.1 Snoop authentication connection
     1.2 Guess valid credentials
     1.3 Compromise server credential store
     1.4 Malicious software reads local user's password
         1.4.1 User acquires virus that reads password
         1.4.2 Install malicious code on computer
Threat Outlines

  1 Gain user’s credentials
     1.1 Snoop authentication connection
     1.2 Guess valid credentials
     1.3 Compromise server credential store
     1.4 Malicious software reads local user’s password
      • 1.4.1 User acquires virus that reads password
      • 1.4.2 Install malicious code on computer
Threat Details

  Title                  Gain user's credentials
  Threat target          Bill payment request
  Threat types           Information disclosure, Spoofing identity, Elevation of privilege
  Risk                   …
  Mitigation techniques  Use SSL
  Bug number             …
3. Rank The Threats

  Calculate using DREAD
     Damage potential
     Reproducibility
     Exploitability
     Affected users
     Discoverability
  Rank by decreasing risk
     Rank each from 1 – 10
     Threat risk = average
3. Rank The Threats

  Calculate by following the path of least resistance
  1 Gain user's credentials
     Damage potential: 8
     Reproducibility: 10
     Exploitability: 7
     Affected users: 10
     Discoverability: 10
  DREAD risk = (8 + 10 + 7 + 10 + 10) / 5 = 9.0
4. Choose How To Respond

 Do nothing
    You’ll eventually pay for this choice
 Warn the user
    Will the user know what to do?
 Remove the problem
    Rather than ship a security bug
 Fix the problem
    Yes!
5. Choose Mitigation Techniques

 Spoofing identity        Appropriate authentication; don't store secrets
 Tampering with data      Appropriate authorization; hashes, digital signatures; tamper-resistant protocols
 Repudiation              Digital signatures; audit trails
 Information disclosure   Authorization; encryption; don't store secrets
 Denial of service        Filtering, throttling, QoS; appropriate authorization
 Elevation of privilege   Run with least privilege
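The "hashes, digital signatures" row applied to the cookie-tampering threat from the STRIDE examples looks like this in practice. The block below is an added example, not from the deck: a session cookie whose payload is covered by an HMAC, so that editing the role field invalidates it, with expiry and a constant-time tag comparison. The key, the claim names and the timestamps are constructed for this example; nothing here stores a password in the cookie, which also satisfies the "don't store secrets" row.

```python
"""Tamper-evident session cookie using an HMAC.

Added example, not from the original deck: one way to apply the
'hashes, digital signatures' mitigation to the cookie-tampering threat.
The key, cookie fields and clock values are constructed for this example.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# In a real deployment the key comes from a key store, never from source.
SERVER_KEY = b"example-key-do-not-use-in-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(user: str, role: str, now: int, ttl: int = 900,
                 key: bytes = SERVER_KEY) -> str:
    """Return 'payload.tag' where tag = HMAC-SHA256(key, payload)."""
    claims = {"user": user, "role": role, "exp": now + ttl}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"


def verify_cookie(cookie: str, now: int, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Return the claims if the tag checks out and the cookie is unexpired, else None."""
    try:
        payload, tag = cookie.split(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        # Constant-time compare: a byte-by-byte early exit would leak the tag through timing.
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None  # malformed base64, JSON or structure: reject, never guess
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) \
            or claims["exp"] <= now:
        return None
    return claims


def tamper_role(cookie: str, new_role: str) -> str:
    """What an attacker without the key can do: rewrite the payload, keep the old tag."""
    payload, tag = cookie.split(".", 1)
    claims = json.loads(_unb64(payload))
    claims["role"] = new_role
    return f"{_b64(json.dumps(claims, sort_keys=True).encode())}.{tag}"


if __name__ == "__main__":
    now = int(time.time())
    c = issue_cookie("alice", "user", now)
    print("valid:   ", verify_cookie(c, now))
    print("tampered:", verify_cookie(tamper_role(c, "admin"), now))
    print("expired: ", verify_cookie(c, now + 1000))
```

The HMAC makes the cookie tamper-evident, not confidential: the claims are readable by anyone who holds it, so keep secrets out of the payload and send it only over SSL/TLS, which is the mitigation the deck attaches to the "snoop the connection" leaf.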
5. Choose Mitigation Techniques continued

  Update your threat documentation to include mitigation

  Threat #1: Gain user's credentials (I, S, E)
     1.1 Snoop authentication connection          -> mitigation: Using SSL
     1.2 Guess valid credentials                  -> mitigation: Enforce strong passwords
     1.3 Compromise server credential store       -> condition: Need physical access to server
     1.4 Malicious software reads local user's password
         1.4.1 User acquires virus that reads password
         1.4.2 Install malicious code on computer -> condition: Need physical access to machine
Secure Programming Principles

 Don’t trust user input
 Run with least privilege
 Secure failure and defaults
 Defend with depth
 Don’t store secrets
 Assume external systems are insecure
Security Testing

  The QA process must include a security focus
  Think ‘evil’
  Threat model drives testing
     Each threat gets tested
     STRIDE drives techniques
     DREAD drives priorities
  Mutate data for attacks
  Can you identify new threats?
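"Mutate data for attacks" with STRIDE driving the techniques is the part of this slide most teams leave vague. The block below is an added example, not from the deck: a validator for the bill payment request from the sample application, plus a generator that mutates a known-good request once per threat category and reports any mutant the validator accepts. The request fields, the limits and the mutation list are assumptions for this example.

```python
"""Threat-model-driven negative tests: mutate a valid bill payment request
and check that the validator rejects every mutant.

Added example, not from the original deck. The request format, limits and
mutation list are assumptions made for this example.
"""
import re
from decimal import Decimal, InvalidOperation
from typing import Any, Dict, Iterator, List, Tuple

MAX_AMOUNT = Decimal("100000.00")
MEMO_OK = re.compile(r"[A-Za-z0-9 .,'-]{0,140}")   # allowlist, not a denylist

VALID_REQUEST = {"payee": "Power Co", "account": "1001",
                 "amount": "125.50", "memo": "March bill"}


def validate(req: Dict[str, Any]) -> List[str]:
    """Return the list of rejected fields; an empty list means accepted."""
    problems: List[str] = []
    if set(req) != {"payee", "account", "amount", "memo"}:
        return ["unexpected or missing fields"]
    if not (isinstance(req["payee"], str) and 1 <= len(req["payee"]) <= 64):
        problems.append("payee")
    if not (isinstance(req["account"], str) and req["account"].isdigit()
            and len(req["account"]) <= 20):
        problems.append("account")
    try:
        amount = Decimal(req["amount"]) if isinstance(req["amount"], str) else None
    except InvalidOperation:
        amount = None
    # Order matters: is_finite() is checked first because ordering
    # comparisons against a NaN Decimal raise instead of returning False.
    if (amount is None or not amount.is_finite() or amount <= 0
            or amount > MAX_AMOUNT or amount != amount.quantize(Decimal("0.01"))):
        problems.append("amount")
    if not (isinstance(req["memo"], str) and MEMO_OK.fullmatch(req["memo"])):
        problems.append("memo")
    return problems


def mutants(base: Dict[str, Any]) -> Iterator[Tuple[str, Dict[str, Any]]]:
    """One mutation family per STRIDE category the threat model raised."""
    # Tampering: change the money flow (sign, zero, overflow, NaN, precision, type)
    for bad in ["-125.50", "0", "1e308", "NaN", "Infinity", "125.505",
                "100000.01", 125.5, None]:
        yield f"tamper amount={bad!r}", {**base, "amount": bad}
    # Tampering / elevation: redirect the payment or inject into the data layer
    for bad in ["1001 OR 1=1", "1001' --", "", "1" * 21, ["1001"]]:
        yield f"tamper account={bad!r}", {**base, "account": bad}
    # Information disclosure / injection through free text
    for bad in ["<script>alert(1)</script>", "x" * 141, "line1\nline2", 42]:
        yield f"memo={bad!r}", {**base, "memo": bad}
    # Elevation of privilege: smuggle in a field the API never defined
    yield "extra field", {**base, "approved": True}
    yield "missing field", {k: v for k, v in base.items() if k != "account"}


def run_mutation_tests(base: Dict[str, Any]) -> List[str]:
    """Names of mutants the validator wrongly accepted (should be empty)."""
    assert validate(base) == [], "baseline request must be valid"
    return [name for name, req in mutants(base) if validate(req) == []]


if __name__ == "__main__":
    accepted = run_mutation_tests(VALID_REQUEST)
    print("mutants accepted:", accepted or "none")
```

Each mutant is labelled with the threat it exercises, so a failure points back to a row in the threat documentation rather than to a generic "bad input" bug. The memo allowlist rejects markup at the boundary, but that is defence in depth, not a substitute for encoding output on the page that displays it.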
Questions?



Passionate about technology
     Strategy & Consulting
     Education & Mentoring
     Application Development
     Application Security


http://www.sftsrc.com

 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 

Hickman threat modeling

  • 1. Application Security and Threat Modeling Ben Hickman VP Engineering ben.hickman@sftsrc.com
  • 2. Agenda Why Worry? Creating a Security Process Threat Models The Threat Modeling Process Secure Programming Principles Security Testing Questions?
  • 3. Why Worry? Attacks are increasing. Attack complexity is increasing: stack overruns, heap overruns, format strings, integer overflow, …? Time from vulnerability discovery to exploit is decreasing. Security is a requirement or a competitive advantage. [Chart: CERT Incidents, 1988 to 2003, scale 0 to 140000 (http://www.cert.org/stats/cert_stats.html)]
  • 4. Creating a Security Process. People: train and keep current in application security (architects, developers, testers); stay disciplined about security; stay current with the state of the art. Process: make security a critical part of design, development, testing, and deployment; security threat analysis part of every design; design and code reviews; external audits. Technology: build tools, automate as much as possible; select technology with a security focus.
  • 5. A Security Framework: SD3. Secure By Design: engineer training, secure architecture, security code reviews, threat modeling, reduce vulnerabilities in code. Secure By Default: reduce attack surface area, unused features off by default, run with least privilege. Secure In Deployment: protect, detect, defend, recover, manage; process: how to’s, architecture guides; proper training.
  • 6. Threat Models You cannot build secure applications unless you understand your threats “We use SSL!” “We have a firewall!” Create a security analysis of your application Find different bugs than code review and testing Find layered security bugs Quantify your attack surface Starting point for testing
  • 7. The Sample Application [Architecture diagram; labels: Administrator, Administrative application, Admin interface, Admin logic, Authentication data, Bill payment data, User, User interface, Web server, Web service client, Bill payment business logic, Developer, Upload interface]
  • 8. The Threat Modeling Process 1. Decompose the application 2. Determine the threats 3. Rank the threats by decreasing risk 4. Choose how to respond to the threats 5. Choose mitigation techniques
  • 9. 1. Decompose The Application Diagram the flow of data and/or control Data flow diagrams UML activity diagrams Recursively decompose the application into systems First determine trust boundaries Define subsystems
  • 10. 1. Decompose The Application continued Go n levels deep 2, 3, 4, … Until you understand the processes in the application Consider: Define the scope, not every inner working Identify data sources and processes Identify request target and response recipients Flow of data/control across trust boundaries
  • 11. Context Data Flow Diagram [The Bill payment application sits in the data center; across the Internet, Admin sends Admin task request and receives Admin task response, User sends Bill payment request and receives Bill payment response, and Developer sends Update files]
  • 12. Level 1 Data Flow Diagram (partial) [Boundaries: Internet, machine boundary, data center. Labels: User, Service client, Enforce bill payment policy, Access data, Authentication data, Bill payment data, Web pages, Web service code, Credentials, Auth status, Bill payment request, Bill payment response, Bill payment data request, Bill payment data, Request page code, Requested code]
  • 13. 2. Determine The Threats Use STRIDE to categorize the threats Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege
  • 14. Spoofing Identity An attacker poses as another user or a machine poses as a valid/trusted machine Examples Basic HTTP authentication sends credentials in the clear Credentials or tokens stored in HTTP cookies Authentication tokens in the clear on the wire Intercepting DNS requests – DNS spoofing
  • 15. Tampering With Data Attacker modifies data Examples SQL injection to modify database data Modifying data on the wire, in transit Unsecured access to pages and components HTTP Cookies
  • 16. Repudiation No way to know what an attacker or user did Examples User performs an illegal operation and there is no trace of what happened Attacker gets a product ordered without paying and there is no audit trail
  • 17. Information Disclosure Exposure of information to a user who is not supposed to see it Examples Reading on the wire Unsecured pages and components Error messages that reveal implementation details
  • 18. Denial Of Service Attacker denies service to valid users Examples DDoS attacks Poorly behaved components that can be exploited Disabling a credential store
  • 19. Elevation Of Privilege Unprivileged user gains privileged access Examples Install an .exe and wait for an admin logon Unsecured components that communicate to other services with admin rights Impersonation
  • 20. Document The Threats Threat Trees Threat Outlines Threat Details
  • 21. Threat Trees Describes the attacker’s process [Threat tree: Threat #1 Gain user’s credentials (I, S, E); children 1.1 Snoop authentication connection, 1.2 Guess valid credentials, 1.3 Compromise server credential store, 1.4 Malicious software reads local user’s password; under 1.4: 1.4.1 User acquires virus that reads password, 1.4.2 Install malicious code on computer]
  • 22. Threat Outlines 1 Gain user’s credentials 1.1 Snoop authentication connection 1.2 Guess valid credentials 1.3 Compromise server credential store 1.4 Malicious software reads local user’s password • 1.4.1 User acquires virus that reads password • 1.4.2 Install malicious code on computer
  • 23. Threat Details. Title: Gain user’s credentials. Threat target: Bill payment request. Threat types: Information disclosure, Spoofing identity, Elevation of privilege. Risk: … Mitigation techniques: Use SSL. Bug number: …
  • 24. 3. Rank The Threats Calculate using DREAD Damage potential Reproducibility Exploitability Affected users Discoverability Rank by decreasing risk Rank each from 1 – 10 Threat risk = average
  • 25. 3. Rank The Threats Calculate by following the path of least resistance 1 Gain user’s credentials Damage potential: 8 Reproducibility: 10 Exploitability: 7 Affected users: 10 Discoverability: 10 DREAD Risk: 7.5
  • 26. 4. Choose How To Respond Do nothing You’ll eventually pay for this choice Warn the user Will the user know what to do? Remove the problem Rather than ship a security bug Fix the problem Yes!
  • 27. 5. Choose Mitigation Techniques. Spoofing identity: appropriate authentication, don’t store secrets. Tampering with data: appropriate authorization, hashes, digital signatures, tamper-resistant protocols. Repudiation: digital signatures, audit trails. Information disclosure: authorization, encryption, don’t store secrets. Denial of service: filtering, throttling, QoS, appropriate authorization. Elevation of privilege: run with least privilege.
  • 28. 5. Choose Mitigation Techniques continued. Update your threat documentation to include mitigation [Threat tree of Threat #1 Gain user’s credentials (I, S, E) annotated with mitigations: 1.1 Snoop authentication connection, mitigated by using SSL; 1.2 Guess valid credentials, mitigated by enforcing strong passwords; 1.3 Compromise server credential store, mitigated because it needs physical access to the server; 1.4 Malicious software reads local user’s password (1.4.1 User acquires virus that reads password, 1.4.2 Install malicious code on computer), mitigated because it needs physical access to the machine]
  • 29. Secure Programming Principles Don’t trust user input Run with least privilege Secure failure and defaults Defend with depth Don’t store secrets Assume external systems are insecure
  • 30. Security Testing The QA process must include a security focus Think ‘evil’ Threat model drives testing Each threat gets tested STRIDE drives techniques DREAD drives priorities Mutate data for attacks Can you identify new threats?
  • 31. Questions? Passionate about technology Strategy & Consulting Education & Mentoring Application Development Application Security http://www.sftsrc.com
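Slides 21 to 25 describe threat trees, the numbered threat outline and DREAD scoring. As an added example (not from Hickman's slides), this Python script builds the slide 21 tree for Threat #1, renders the slide 22 outline, computes each threat's DREAD risk as the average of its five scores (slide 24) and ranks threats by decreasing risk. The leaf scores and the second top-level threat are constructed, and reading "path of least resistance" (slide 25) as "an inner node is as risky as its riskiest child" is an assumption.

```python
from dataclasses import dataclass, field
from statistics import mean
from typing import List, Optional, Tuple

@dataclass
class Threat:
    """Threat-tree node (slide 21). Leaves carry DREAD scores, each 1 to 10, in the
    order Damage, Reproducibility, Exploitability, Affected users, Discoverability."""
    title: str
    dread: Optional[Tuple[int, ...]] = None
    children: List["Threat"] = field(default_factory=list)

    def risk(self) -> float:
        # Slide 24: threat risk = average of the five DREAD scores.
        if self.dread is not None:
            if len(self.dread) != 5 or not all(1 <= s <= 10 for s in self.dread):
                raise ValueError(f"{self.title!r}: need five scores in 1..10")
            return mean(self.dread)
        if not self.children:
            raise ValueError(f"{self.title!r} has neither scores nor sub-threats")
        # Slide 25, "path of least resistance": assumed here to mean an inner node
        # is as risky as its riskiest child, since the attacker picks the easiest route.
        return max(child.risk() for child in self.children)

def outline(node: Threat, number: str = "1", depth: int = 0) -> List[str]:
    """Render the numbered threat outline of slide 22, with each node's risk."""
    lines = [f"{'  ' * depth}{number} {node.title} (risk {node.risk():.1f})"]
    for i, child in enumerate(node.children, start=1):
        lines += outline(child, f"{number}.{i}", depth + 1)
    return lines

def ranked(threats: List[Threat]) -> List[Threat]:
    """Slide 24: rank the top-level threats by decreasing risk."""
    return sorted(threats, key=lambda t: t.risk(), reverse=True)

# Threat #1 of slide 21; the leaf scores below are constructed for this example.
GAIN_CREDENTIALS = Threat("Gain user's credentials", children=[
    Threat("Snoop authentication connection", (8, 9, 6, 10, 9)),
    Threat("Guess valid credentials", (8, 10, 5, 10, 10)),
    Threat("Compromise server credential store", (10, 6, 3, 10, 5)),
    Threat("Malicious software reads local user's password", children=[
        Threat("User acquires virus that reads password", (8, 7, 5, 2, 7)),
        Threat("Install malicious code on computer", (8, 5, 2, 2, 4)),
    ]),
])
# A second, constructed top-level threat against the sample bill payment application.
TAMPER_PAYMENT = Threat("Tamper with bill payment request in transit", (9, 8, 5, 10, 8))

if __name__ == "__main__":
    for n, t in enumerate(ranked([TAMPER_PAYMENT, GAIN_CREDENTIALS]), start=1):
        print("\n".join(outline(t, str(n))))
```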