Flashcards in OO Threat Modelling (PPT 8.5) Deck (25):
How should we approach security?
-Identify valuable assets
-Look at how it could be compromised
-Loom at how to mitigate threats
What is threat modelling?
It is a structured approach to address the security of an application
Why do we do threat modelling?
-To prevent embarrassing and costly security features
-Raises the profile of security early on, such as communication, early and ongoing tests and can expose problems early
-Deliver better (more secure) products
What are some common threats?
-Denial of service
-Cross-site scripting (XSS)
-Buffer overflows/ memory compromises
-Web server config issues
What is Denial of Service?
This is flooding a system with data or requests to slow it down. Can be used as a distraction but often used as a ransom
How do we prevent a DoS attack?
-Front end hardware to filter and analyse traffic
-Resource limits/allocations to throttle requests
-Blocking source IP addresses
-SYN cookies (prevents users from leaving a connection half open)
What is a SQL Injection?
Injecting malicious code/scripts into a webpage
How do we prevent SQL injection attacks?
-Don't trust user input
-Validate, don't sanitise
Validate = reject input
Sanitise = remove malicious characters
What is Cross Site Scripting?
Injecting malicious code, similar to SQL injection, but it is served up to a legitimate user and may direct them to malicious sites, etc
What is a buffer overflow?
Force memory overflows in a running application to crash or compromise it
What is poor error handling?
Hackers may force errors on your website, this may cause information to display which is sensitive and shouldn't be viewed.
What are web server config issues?
-Out of date software
-Configuration files storing plain text passwords
-Guest accounts not disabled
-File system no restricted
What is spoofing?
When something is pretending to be something else, e.g. fake website
How do we prevent spoofing?
-Authentication and validation and strong password policies
-Careful management of session IDs and cookies
-Check security certificates
-Check file signatures and timestamps
What is Information Disclosure?
Sensitive data passing over a network in plain text or stored in plain text or error messages revealing data
What is an Insider threat?
This is when a person who is hired compromises the system in some way
How can we avoid insider threats?
-Have proper recruitment processes
-Monitor employee morale
What are abuse and misuse cases?
They are a way of identifying threats by looking at ways an unscrupulous actor may choose to harm the system
What is Microsoft SDF?
Microsoft Security Development Lifecycle
It is a way of approaching threat modelling
Three stages are
-Decompose the application
-Determine and rank threats
-Determine counter measures and mitigation
What does the decompose the application stage do?
-identify entities, processes, data stores and data flows between them
-identify trust boundaries
What does the determine and rank threats stage do?
-Use STRIDE to determine threats
What is Tampering?
-Modifying something you are not supposed to modify
-Countered by: encryption, validation, digital signatures, privileges
What is Repudiation?
-Being able to claim you didn't do something, leave no trace of activities
-Countermeasures: Logs and times stamps
What is Elevation of privilege?
-Gaining access to things you shouldn't have
-Counter: disable guest accounts, file access privileges, enforcement of user account policies, adopt a least privilege policy