OWASP Chicago Meetup Presentation - Threat Modeling-Process Maturity
0 likes186 views
The document discusses threat modeling as a process for identifying security vulnerabilities in software design by contrasting design views with potential attackers. It outlines various impediments faced by organizations, such as tool limitations and skills gaps, while proposing solutions to enhance the effectiveness of threat modeling in practice. The document emphasizes the importance of commitment, standardization, and training to improve the security design process and drive better outcomes.
OWASP Chicago Meetup Presentation - Threat Modeling-Process Maturity
- 1. © 2018 Synopsys, Inc.1 Threat Modeling—Process Maturity Taking It to the Next Level Vinay Vishwanatha, Associate Managing Consultant Meetup date
- 2. © 2018 Synopsys, Inc.2 Threat modeling Threat modeling is a software design analysis that looks for security weaknesses by juxtaposing software design views against a set of attackers. It identifies: - Secure design weaknesses - Missing security controls - Weak or inappropriate security controls - Potential vulnerabilities In the model we highlight: - Assets - Controls - Threat agents - Attack surface
- 3. © 2018 Synopsys, Inc.3 Threat modeling is a software design analysis that looks for security weaknesses by juxtaposing software design views against a set of attackers. It identifies: • Secure design weaknesses • Missing security controls • Weak or inappropriate security controls • Potential vulnerabilities In the model we highlight: • Assets • Controls • Threat agents • Attack surface Threat modeling
- 4. © 2018 Synopsys, Inc.4 Impediments to threat modeling In practice, there are impediments that cause firms to lose their grip on the threat modeling process. What holds them back? • Tool limitations • Time (threat modeling can be time-consuming) • Inability to scale • Skills gap Problem statement
- 5. © 2018 Synopsys, Inc.5 Impediments to threat modeling In practice, there are impediments that cause firms to lose their grip on the threat modeling process. What holds them back? • Tool limitations • Time (threat modeling can be time-consuming) • Inability to scale • Skills gap Problem statement
- 6. © 2018 Synopsys, Inc.6 1 2 3 4 Commitment Impact Scale Exploration Pilot Baby steps Denial Not required Resistance Hard to adapt Psychology of change Change is the only constant
- 7. © 2018 Synopsys, Inc.7 Denial phase Penetration testing and secure code review uncover many types of security issues (bugs) in an application; however, there are gaps (design flaws) that simply cannot be found with these traditional analysis techniques. Bug is an implementation-level software problem or defect in code. Flaw is a design-level or architectural defect in specifications or software that is more difficult to resolve once the software is partially or completely implemented. We already conduct penetration tests and code reviews. We’re covered. Architectural Bugs Implementation Flaws 50%50% Security defects uncovered in practice
- 8. © 2018 Synopsys, Inc.8 Resistance phase We’ve considered threat modeling and feel that it is way too complicated Challenges Doesn’t fit into Agile dev shops Legacy apps Lack of skilled resources Budget issues Solutions Out-of-band activity during the design phase Tactical threat modeling Use vendors for pilot phase Risk-based testing At the root, everyone knows Couch Potatoes have a deep-seated fear of exercise. Next slide included with different cartoon option Depending on copyright concerns in using this image
- 9. © 2018 Synopsys, Inc.9 Resistance phase We’ve considered threat modeling and feel that it is way too complicated Challenges Doesn’t fit into Agile dev shops Legacy apps Lack of skilled resources Budget issues Solutions Out-of-band activity during the design phase Tactical threat modeling Use vendors for pilot phase Risk-based testing He tried to hold back the blades of change.
- 10. © 2018 Synopsys, Inc.10 Exploration phase Challenges • Scalability • Guidance • Supporting Infrastructure • DevOps Culture Solutions • 80/20 rule, pattern-based design reviews • Requirement management and blueprints • Infrastructure risk assessment • Champion program and developer enablement Developing a canonical list of attacks at the design level is more than half the battle
- 11. © 2018 Synopsys, Inc.11 Challenges • Scalability • Guidance • Supporting Infrastructure • DevOps Culture Exploration phase Solutions • 80/20 rule, pattern-based design reviews • Requirement management and blueprints • Infrastructure risk assessment • Champion program and developer enablement Developing a canonical list of attacks at the design level is more than half the battle
- 12. © 2018 Synopsys, Inc.13 Commitment phase • Standardization: think beyond canned attacks • Training: have office hours for champions • Metrics: track the identified flaws • Next steps: use threat modeling findings to drive pen tests/code reviews Approach threat modeling as a living resource that evolves with the associated application
- 13. © 2018 Synopsys, Inc.14 Commitment phase Standardization: Think beyond canned attacks Training: have office hours for champions Metrics: track the identified flaws Next steps: use threat modeling findings to drive pen tests/code reviews Approach threat modeling as a living resource that evolves with the associated application
- 14. © 2018 Synopsys, Inc.15 Embrace threat modeling to find design flaws in security defects (50/50) Pilot threat modeling Coverage for critical apps Sprint—out-of-band activity Pattern-based design reviews Create requirement management and blueprints Infrastructure risk assessment Developer enablement Think beyond canned attacks Train champions frequently Metrics Feed threat modeling findings to pen tests Summary: Threat modeling process maturity Good design adds value faster than it adds cost