m o c . 5 b u h t gi Real World Threat Modeling Using the PASTA Methodology Tony UcedaVelez Managing Partner, VerSprite OWASP AppSec EU 2012 Why Threat Modeling? Threat Dissection Targeted Analysis gi m o c . 5 b u h t • Focused on understanding targeted attacks • You can’t mitigate all of your threats • So, what are your most likely threats to your published sites/ services? m o c . Taxonomy of Terms 5 b u h t i g 3 Asset Asset. An asset is a resource of value. It varies by perspective. To your business, an asset might be the availability of information, or the information itself, such as customer data. It might be intangible, such as your company's reputation. gi m o c . 5 b u h t Threat Threat. A threat is an undesired event. A potential occurrence, often best described as an effect that might damage or compromise an asset or objective. Relative to each site, industry, company; more difficult to uniformly define. gi m o c . 5 b u h t Vulnerability (Weakness) m o c . 5 b u h t gi Vulnerability. A vulnerability is a weakness in some aspect or feature of a system that makes an exploit possible. Vulnerabilities can exist at the network, host, or application levels and include operational practices. Attack gi m o c . 5 b u h t Attack (or exploit). An attack is an action taken that utilizes one or more vulnerabilities to realize a threat. Countermeasures Countermeasure. Countermeasures address vulnerabilities to reduce the probability of attacks or the impacts of threats. They do not directly address threats; instead, they address the factors that define the threats. gi m o c . 5 b u h t Use Case m o c . 5 b u h t Use Case. Functional, as designed function of an application. gi Abuse Case gi m o c . 5 b u h t Abuse Case. Deliberate abuse of functional use cases in order to yield unintended results Attack Vector gi m o c . 5 b u h t Attack Vector. Point & channel for which attacks travel over (card reader, form fields, network proxy, client browser, etc) Attack Surface gi m o c . 5 b u h t Attack Surface. Logical area (browser stack, infrastructure components, etc) or physical area (hotel kiosk ) Actor (Threat Agent) m o c . 5 b u h t Actor. Legit or adverse caller of use or abuse cases. gi Impact gi m o c . 5 b u h t Impact. Value of [financial] damage possibly sustained via attack. Relative. Attack Tress gi m o c . 5 b u h t Attack Tree. Diagram of relationship amongst assetactor-use caseabuse case-vulnexploitcountermeasure What is PASTA? Why should I eat this? What is PASTA? menu of application testing • Process for Attack Simulation • Current doesn’t provide a full security meal & Threat Analysis – Pen Tests: Exploit driven – Integrated application threat analysis – Application threat modeling methodology – Risk or asset based approach; great for business integration – 7 stages building up to impact of threat to application & business. gi m o c . 5 b u h t • Aimed at addressing most viable threats to a given application target – Risk Assessments: Subjective; lacks meat – Static Analysis: Weakness, flaw driven; disregards threats, narrow focus – Vuln Scans: (C’mon! As if this could provide a decent meal!) – Security testing deliverables are adversarial – Integrated disciplines are needed via a unifying methodology • Better form of risk analysis w/ more substance • Encapsulates other security efforts Threat Modeling Comparisons Process for Attack Simulation & Threat Analysis (PASTA) MS Approach m o c . 5 b u h t Define Biz Objectives Define Tech Scope gi App Decomposition Threat Analysis Vuln Detection Attack Enumeration Risk/ Impact Analysis m o c . 5 b u h t STAGE I Define The Business & Security Objectives: “Capture requirements for the analysis and management of web based risks” gi 18 Stage 1 Walkthru – Understand Biz Objectives gi m o c . 5 b u h t Business Objectives affect Web Apps • Function req of supercookies (marketing) – Persistent storage of PII • Easily accessible web services for internal APIs • • m o – ‘Internal’ lets security guard down w/cauthentication . 5 Over-scoping of functional requirements b u – Orphaned features that lose maintenance h t i g Change Management System Web App Example – Biz Objective: Track & Manage Changes Across Groups; Easily accessible; Control Changes; Role based access – Discovered Threats/ Vulnerabilities: Internet accessible, elevation of privileges,

pdf文档 PASTA 威胁建模方法介绍 英文版

安全文档 > 软件开发安全 > 文档预览
中文文档 61 页 50 下载 1000 浏览 0 评论 0 收藏 3.0分
温馨提示:本文档共61页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
PASTA 威胁建模方法介绍 英文版 第 1 页 PASTA 威胁建模方法介绍 英文版 第 2 页 PASTA 威胁建模方法介绍 英文版 第 3 页
本文档由 路人甲2022-05-21 12:21:16上传分享
您好可以输入 255 个字符
网站域名是多少( 答案:github5.com )
  • 暂时还没有评论,期待您的金玉良言