No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? Who should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to begin integrating threat modeling into your existing application lifecycle. Start building secure applications today.
2. @adam_englander
What Are We Going to Cover
• An overview of threat modeling
• The process of threat modeling
• Some common tools to assist you
• An example from start to finish
• Action items for now, near future, and beyond
Identifying Threats with STRIDE
• Spoofing - The attacker presents themselves as another user or system
• Tampering - Altering code, data, or processes without authorization
• Repudiation - The attacker denies having performed an action, and the system cannot prove otherwise
• Information disclosure - The attacker reads information they are not authorized to see
• Denial of Service - Your system is partially or fully unavailable
• Elevation of Privilege - The attacker gains capabilities reserved for a higher-level user
Mapping Attacks with Attack Trees
(attack tree from the slide, reconstructed as an indented outline: the root is the attacker's goal, and each level below a node is one way of achieving it)

Access Database
    From Web Server
        Remote Execution
        SQL Injection
    Internal Network
        Stolen Credentials
        Authorized User
Quantifying Risk with DREAD
• Damage – how bad would a successful attack be?
• Reproducibility – how reliably can the attack be reproduced?
• Exploitability – how much work or skill is needed to launch the attack?
• Affected users – how many people would be impacted?
• Discoverability – how easy is it for an attacker to find the threat?
Inside attackers can access all customer PII and payment card (PC) data from the databases, using credentials taken from the code repositories, from any computer on the internal network, and not be discovered via logging.
DREAD
• Damage: Liability for stolen credit card transactions, loss of credibility, loss of revenue
• Reproducibility: The only skills necessary are knowing how to clone the git repo and execute queries via mysql
• Exploitability: Nothing beyond installing git and mysql-client is needed to perform the attack
• Affected Users: All user PII and billing data would be accessible
• Discoverability: Any user with minimal knowledge of the framework would know where to find the configs containing DB credentials and connection information
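The attack tree above and the DREAD scoring of the stolen-credentials threat fit together: rate each leaf of the tree, propagate the scores upward, and the root tells you which path to mitigate first. The following Go program is an added example, not code from the talk. It encodes the slide's tree, uses a 1 (low) to 3 (high) scale for the five DREAD categories where the talk rates them qualitatively, takes the talk's all-high assessment for the Stolen Credentials leaf, and assumes illustrative ratings for the other leaves.

```go
package main

import (
	"fmt"
	"strings"
)

// Dread holds the five DREAD ratings on a 1 (low) to 3 (high) scale. The talk
// rates qualitatively; the numeric scale is an assumption of this example.
type Dread struct {
	Damage, Reproducibility, Exploitability, AffectedUsers, Discoverability int
}

// Score is the mean of the five ratings and therefore also lies in [1, 3].
func (d Dread) Score() float64 {
	return float64(d.Damage+d.Reproducibility+d.Exploitability+d.AffectedUsers+d.Discoverability) / 5
}

// Node is one box of the attack tree. Leaves carry a DREAD rating; interior
// nodes combine children with OR (any one suffices) or AND (all are needed).
type Node struct {
	Name      string
	And       bool
	Children  []*Node
	Risk      Dread
	Mitigated bool // a mitigated leaf contributes no risk
}

// RiskScore propagates leaf scores to the root: an OR node is as risky as its
// riskiest child, an AND node only as risky as its least risky child, since
// the attacker has to achieve every child.
func (n *Node) RiskScore() float64 {
	if len(n.Children) == 0 {
		if n.Mitigated {
			return 0
		}
		return n.Risk.Score()
	}
	return n.decisive().RiskScore()
}

// RiskiestLeaf returns the leaf that determines this node's score, which is
// the attack path to mitigate first.
func (n *Node) RiskiestLeaf() string {
	if len(n.Children) == 0 {
		return n.Name
	}
	return n.decisive().RiskiestLeaf()
}

// decisive picks the child whose score the node inherits (max for OR, min for AND).
func (n *Node) decisive() *Node {
	pick := n.Children[0]
	for _, c := range n.Children[1:] {
		if s := c.RiskScore(); (n.And && s < pick.RiskScore()) || (!n.And && s > pick.RiskScore()) {
			pick = c
		}
	}
	return pick
}

// Mitigate marks the named leaf as mitigated; it reports whether the leaf exists.
func (n *Node) Mitigate(name string) bool {
	if len(n.Children) == 0 && n.Name == name {
		n.Mitigated = true
		return true
	}
	for _, c := range n.Children {
		if c.Mitigate(name) {
			return true
		}
	}
	return false
}

// Render prints the tree with indentation and each node's propagated score.
func (n *Node) Render(depth int) string {
	var b strings.Builder
	fmt.Fprintf(&b, "%s%s (%.1f)\n", strings.Repeat("  ", depth), n.Name, n.RiskScore())
	for _, c := range n.Children {
		b.WriteString(c.Render(depth + 1))
	}
	return b.String()
}

// BuildTree reproduces the tree from the slide. "Stolen Credentials" follows the
// talk's assessment (every category high); the other ratings are assumed values.
func BuildTree() *Node {
	return &Node{Name: "Access Database", Children: []*Node{
		{Name: "From Web Server", Children: []*Node{
			{Name: "Remote Execution", Risk: Dread{3, 1, 1, 3, 1}},
			{Name: "SQL Injection", Risk: Dread{3, 2, 2, 3, 2}},
		}},
		{Name: "Internal Network", Children: []*Node{
			{Name: "Stolen Credentials", Risk: Dread{3, 3, 3, 3, 3}},
			{Name: "Authorized User", Risk: Dread{3, 1, 1, 3, 1}},
		}},
	}}
}
```

Calling `BuildTree().Render(0)` prints the tree with a score next to every node; `RiskiestLeaf()` on the root names Stolen Credentials first, and after `Mitigate("Stolen Credentials")` it moves on to SQL Injection, which is the ranking the mitigation phases below follow. The AND rule matters once a tree has steps that must all succeed: mitigating any one of them drives that branch to zero.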
Mitigation Phase 1
• Have credentials set up on the servers by admins, rather than committed by developers
• Remove database credentials from the git repo (they remain in the repository history until that is rewritten, so treat them as still leaked)
• Change the credentials so that the leaked ones cannot be used going forward
Phase 3
• Encrypt PII and PC data in the database
• Develop and implement a key rotation strategy for application secrets
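Encrypting the data and rotating keys are easier together if each row gets its own data key, wrapped by a versioned master key (envelope encryption): rotating the master key then means rewrapping a few bytes per row, not re-encrypting the tables. The following Go code is an added example, not from the talk. It uses AES-256-GCM from the standard library and an in-memory keyring standing in for the KMS or HSM that would hold the master keys in production, and walks through the rotate, rewrap, retire sequence that lets old rows keep decrypting until they have been moved to the new key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Keyring holds versioned key-encryption keys (KEKs): in memory for this example, in a KMS or HSM in production.
type Keyring struct {
	current uint32
	keks    map[uint32][]byte
}

// Record is the database row: a per-record data-encryption key (DEK) wrapped by a KEK, that KEK's version, and the ciphertext.
type Record struct {
	KEKVersion uint32
	WrappedDEK []byte
	Ciphertext []byte
}

func NewKeyring() *Keyring { kr := &Keyring{keks: map[uint32][]byte{}}; kr.Rotate(); return kr }

// Rotate creates a new KEK version and makes it current; older versions stay usable for decryption until retired.
func (kr *Keyring) Rotate() uint32 {
	kr.current++
	kr.keks[kr.current] = randomBytes(32)
	return kr.current
}

// Retire deletes an old KEK; rewrap every record first, because anything still wrapped with it becomes unreadable.
func (kr *Keyring) Retire(version uint32) error {
	if version == kr.current {
		return errors.New("cannot retire the current KEK")
	}
	delete(kr.keks, version)
	return nil
}

// Encrypt uses a fresh DEK per record, so rotating the KEK only rewraps 32 bytes per row and never touches the data.
func (kr *Keyring) Encrypt(plaintext []byte) Record {
	dek := randomBytes(32)
	return Record{KEKVersion: kr.current, WrappedDEK: seal(kr.keks[kr.current], dek), Ciphertext: seal(dek, plaintext)}
}

func (kr *Keyring) Decrypt(r Record) ([]byte, error) {
	dek, err := kr.unwrap(r)
	if err != nil {
		return nil, err
	}
	return open(dek, r.Ciphertext)
}

// Rewrap moves a record onto the current KEK without touching the ciphertext.
func (kr *Keyring) Rewrap(r Record) (Record, error) {
	dek, err := kr.unwrap(r)
	if err != nil {
		return Record{}, err
	}
	return Record{KEKVersion: kr.current, WrappedDEK: seal(kr.keks[kr.current], dek), Ciphertext: r.Ciphertext}, nil
}

func (kr *Keyring) unwrap(r Record) ([]byte, error) {
	kek, ok := kr.keks[r.KEKVersion]
	if !ok {
		return nil, errors.New("KEK version is retired or unknown")
	}
	return open(kek, r.WrappedDEK)
}

// seal returns nonce || AES-256-GCM ciphertext; open reverses it and rejects any modification of the stored bytes.
func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	gcm := aead(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // cannot fail: keys here are always 32 bytes
	gcm, _ := cipher.NewGCM(block)  // cannot fail for an AES block cipher
	return gcm
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
```

The rotation procedure is: `Rotate()`, then `Rewrap` every stored record as a background job, and only then `Retire` the old version. Retiring first is the classic mistake, and the keyring makes it visible by refusing to decrypt any record still on the retired version. GCM authenticates the stored bytes, so a modified ciphertext or wrapped key fails to open rather than yielding garbage.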
Completely Mitigate
• Anonymize the link between PC data and PII, so that stealing one set does not yield the other
• Create honeypot credentials for the credentials still in git repos; a login with them shows what appears to be real data, is recorded, and triggers an alert to security personnel so the culprit can be apprehended
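The honeypot-credentials idea written out, as an added example in Go and not the talk's own code: a gate in front of the real authenticator that recognises the deliberately leaked username/password pairs, raises an alert carrying the source address, and returns a decoy decision so the application can serve fake data for that session. The honeytoken pair, the stub authenticator and its single real user are constructed values for this example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"time"
)

// Decision is the outcome of a login attempt.
type Decision int

const (
	Denied        Decision = iota
	Authenticated          // real credentials, real data
	Decoy                  // honeytoken credentials: fake success, alert raised
)

// Alert is what security personnel receive when a honeytoken is used. It
// carries the context needed to find the culprit, not any customer data.
type Alert struct {
	Username string
	SourceIP string
	When     time.Time
}

// HoneyGate sits in front of the real authenticator. Its honeytokens are the
// exact username/password pairs deliberately left in the repository; they are
// valid nowhere real, so any use of them is an attack, not a mistake.
type HoneyGate struct {
	honeytokens map[string]string
	realAuth    func(user, pass string) bool
	notify      func(Alert)
}

func NewHoneyGate(tokens map[string]string, realAuth func(string, string) bool, notify func(Alert)) *HoneyGate {
	return &HoneyGate{honeytokens: tokens, realAuth: realAuth, notify: notify}
}

// Login checks honeytokens before the real authenticator, so a leaked
// credential can never fall through to a real account; the password is
// compared in constant time like any other credential check.
func (g *HoneyGate) Login(user, pass, sourceIP string) Decision {
	if want, ok := g.honeytokens[user]; ok && subtle.ConstantTimeCompare([]byte(want), []byte(pass)) == 1 {
		g.notify(Alert{Username: user, SourceIP: sourceIP, When: time.Now()})
		return Decoy // the caller serves the decoy dataset for this session
	}
	if g.realAuth(user, pass) {
		return Authenticated
	}
	return Denied
}

// DemoGate wires the gate to constructed data: one honeytoken (the pair assumed
// to have been left in the old config) and a stub authenticator with one real user.
func DemoGate(sink *[]Alert) *HoneyGate {
	return NewHoneyGate(
		map[string]string{"legacy_app": "Passw0rd123"},
		func(u, p string) bool { return u == "alice" && p == "correct horse battery staple" },
		func(a Alert) { *sink = append(*sink, a) },
	)
}

func main() {
	var alerts []Alert
	g := DemoGate(&alerts)
	fmt.Println("decision:", g.Login("legacy_app", "Passw0rd123", "10.0.5.23"), "(2 = Decoy)")
	for _, a := range alerts {
		fmt.Printf("ALERT honeytoken %q used from %s at %s\n", a.Username, a.SourceIP, a.When.Format(time.RFC3339))
	}
}
```

Two design points matter here: the honeytoken check runs first, so the leaked pair stays a tripwire even if someone later creates a real account with that username, and the alert goes to a notification hook rather than only to a log file, because the threat statement above is precisely that the attacker is not discovered via logging.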