Join the Application Threat Modeling Workshop to learn about threat modeling fundamentals, the PASTA™ method, and how to practice threat modeling. Gain insights into threats, vulnerabilities, risk analysis, and risk management.
Application Threat Modeling Workshop
Sponsored by ISACA Ireland Chapters in collaboration with the OWASP Foundation
Marco Morana (OWASP)
Workshop Agenda & Time Schedule
• Part I - Threat Modeling Fundamentals - 45 min
• Break - 15 min
• Part II - Introduction to the PASTA™ - 45 min
• Break - 15 min
• Part III - Threat Modeling Practice - 45 min
Terminology
• Threat: “The potential of a “threat source” to exploit a specific vulnerability”
• Threat source: “The intent and method targeting the exploitation of a vulnerability either intentionally or accidentally”
• Vulnerability: “The weakness in procedures, design, implementation controls etc. that can be exploited and result in a violation of system’s security policy”
• Threat analysis: “The examination of threat sources against vulnerabilities to determine threat to a particular system in a particular operational environment”
• Risk Analysis: “The process of identifying risks and determine probability of occurrence, impact and safeguards that mitigate that impact”
• Risk Management: “The process of identifying, controlling and mitigating risks, it includes risk analysis, cost-benefit analysis and the implementation, test and evaluation of safeguards.”
Source: NIST
Threats, Vulnerabilities & Assets
Source: Application Threat Modeling, Chapter V, Threat Modeling & Risk Management, Wiley
Application Risk Domains
Risk = Threats (probability) x Assets (impact) x Control Vulnerabilities (exploit)
Source: Application Threat Modeling, Chapter V, Threat Modeling & Risk Management, Wiley
The Essential Elements of Risk Management
• People with technical and business experience, trained to use risk frameworks to analyze technical and business risks
• Processes for identifying gaps in security measures, identifying vulnerabilities and assigning levels of risk and impact
• Tools for managing the risk to IT assets, managing vulnerabilities, identifying threats to these assets and determining countermeasures
Threat Modeling 101: Definitions
“A strategic process aimed at considering possible attack scenarios and vulnerabilities within a proposed or existing application environment for the purpose of clearly identifying risk and impact levels” [Application Threat Modeling Book, Morana, UcedaVelez, Wiley]
“Formal methods to categorize threats, map them to vulnerabilities and identify countermeasures”
• Threat-Attack Trees
• Use-Misuse Cases
• Data-Flow Diagrams
• Attacks & Attack Libraries
“Tools for modeling the threat, attack and vulnerability/weaknesses analysis:”
Focalizations of Threat Modeling
• Software/Architecture Centric – Concentrates on the security of software for an evaluated web app. Starts with a model of the system/application/software
• Asset Centric – Focuses on a more risk-based approach to application threat modeling. Starts with the data/assets classifications/values
• Attacker Centric – Focuses on the attacker’s goals/targets and how they can be achieved. Starts with a model of the threat agents and the attack vectors
• Security Centric – Addresses security and technical risks to threats revealed by the application threat model. Starts with business objectives, security and compliance requirements
Web Application Security: Threats & Controls
[Diagram: Application Security Controls, Network Security Controls, Server Security Configurations]
From Improving Web Application Security: Threats and Countermeasures, http://msdn.microsoft.com/en-us/library/ms994921.aspx
Web Application Data Flows & Control Analysis
• Exercise to connect the dots for APIs and other data interfaces
• Maps out data interfaces across application layers (presentation, app, data, etc.)
• Maps out relationships amongst actors, assets, data sources, trust boundaries, and eventually the variables of the attack tree
• Incorporates actors and assets as data flow start & end points
[Diagram: Trust Boundaries, Data Process Components, Data flows, Security Controls]
Abuse of Functionality Analysis
• Use and abuse cases define how applications can be used and abused
• Security requirements can be derived using use and abuse cases
• Test cases can be derived to test abuse of functionality and identify gaps in security controls
[Diagram: Abuse Cases, Use Cases, User, Malicious User]
Source: OWASP Testing Guide v3, https://www.owasp.org/index.php/Testing_Guide_Introduction
Attack Analysis Using Attack Trees
Analyzing the Security of Internet Banking Authentication Mechanisms: http://www.isaca.org/Journal/Past-Issues/2007/Volume-3/Pages/Analyzing-the-Security-of-Internet-Banking-Authentication-Mechanisms1.aspx
Threat Modeling Methodologies: OWASP
Source: OWASP Threat Risk Modeling, https://www.owasp.org/index.php/Threat_Risk_Modeling
OWASP Application Threat Modeling
The OWASP ATM basic steps are:
• Decompose the application
• Analyze data flows to identify entry and exit points, assets
• Enumerate a list of threats such as STRIDE against the application
• Assert controls to mitigate threats
• Determine the risk of unmitigated threats
• Identify countermeasures and propose mitigations
OWASP Application Threat Risk Modeling, https://www.owasp.org/index.php/Application_Threat_Modeling
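The steps above, carried through on a small constructed data-flow model, as an added example that is not from the workshop slides or OWASP: it flags flows that cross a trust boundary, enumerates STRIDE threats per element, and lists the threats left without a control. The element names, trust zones, controls and the STRIDE-per-element chart are assumptions made for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: an assumption (the common SDL mapping), not from the slides.
STRIDE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "external", "process" or "store"
    zone: str  # trust zone the element lives in

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str

# Decompose the application: a constructed sample, not a real system.
browser = Element("Browser", "external", "internet")
web = Element("Web app", "process", "dmz")
auth = Element("Auth service", "process", "dmz")
db = Element("Customer DB", "store", "internal")
FLOWS = [Flow(browser, web, "login form"), Flow(web, auth, "credentials"),
         Flow(web, db, "SQL query"), Flow(db, web, "account rows")]

# Assert controls: (target, STRIDE letter) -> control; constructed sample.
CONTROLS = {("Browser->Web app", "T"): "TLS", ("Browser->Web app", "I"): "TLS",
            ("Web app", "S"): "server certificate", ("Web app", "T"): "input validation",
            ("Customer DB", "I"): "encryption at rest"}

def boundary_flows(flows):
    """Analyze data flows: keep those whose endpoints sit in different trust zones."""
    return [f for f in flows if f.src.zone != f.dst.zone]

def enumerate_threats(flows):
    """Enumerate threats: STRIDE letters for each element and boundary-crossing flow."""
    elements = sorted({e for f in flows for e in (f.src, f.dst)}, key=lambda e: e.name)
    threats = [(e.name, c) for e in elements for c in STRIDE[e.kind]]
    for f in boundary_flows(flows):
        threats += [(f"{f.src.name}->{f.dst.name}", c) for c in STRIDE["flow"]]
    return threats

def unmitigated(flows, controls):
    """Threats with no asserted control: the gaps that still need a risk rating."""
    return [t for t in enumerate_threats(flows) if t not in controls]

if __name__ == "__main__":
    for target, letter in unmitigated(FLOWS, CONTROLS):
        print(f"GAP {letter} on {target}")
```

The output is the input to the last two steps: each listed gap still needs a risk rating and a proposed countermeasure.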
Threats & Security Controls Assessment
OWASP Application Threat Modeling, https://www.owasp.org/index.php/Application_Threat_Modeling
Modeling Attacks
• Attack Types: targeted or opportunistic attacks toward web applications
• Attack Vectors: channels through which attacks can be introduced
• Attack Trees: ‘walking’ the app allows threats to be identified while understanding motives
• Attack Scenarios: based upon threat feeds & observed incidents (SIRTs)
• Attack Libraries: key to effective threat modeling and testing with use/misuse cases & vulnerabilities
Modeling Threats, Vulnerabilities and Countermeasures
• Maps opportunistic attacks to the exploitation of vulnerabilities
• Allows thinking like an attacker in the pursuit of the attacker’s goals/exploits
• Each attack maps to one or more vulnerabilities
• Vulnerabilities can map to one or more countermeasures
[Diagram: Threat, Vulnerabilities & Control gaps, Countermeasures]
Assigning Risk to Threats
• Threat severity can be calculated using risk factors
OWASP Application Threat Modeling, https://www.owasp.org/index.php/Application_Threat_Modeling
Questions & Answers