Practical Threat Modeling - WorldParty 2k23 HackMadrid.pdf
0 likes44 views
The document outlines threat modeling as a structured approach to identify and address security threats in systems, emphasizing the importance of proactive security measures within the software development life cycle (SDLC). It details a process involving data flow diagrams to analyze potential threats, assessing countermeasures, and validating security effectiveness. The document advocates for a culture prioritizing design issue resolution and collaboration over mere compliance.
Practical Threat Modeling - WorldParty 2k23 HackMadrid.pdf
- 1. Practical Threat Modeling David Sastre Medina Principal Security Engineer Juan Vicente Herrera Ruiz de Alejo Senior Cloud Architect 1
- 2. What we’ll discuss today ● What is Threat Modeling? ● Why do Threat Modeling? ● How to do Threat Modeling? ● Security in the SDLC ● Proactive Systems Security ● What We Have Come To Value? Agenda 2
- 4. 4 AThreat Model is a conceptual representation of a system, and the threats to it that have been identified. ● Repeatable process to find and address all threats to your project or product ● Define countermeasures to prevent or mitigate the effects of the threats ● Consider, document and discuss security in a structured way What is Threat Modeling?
- 5. Threat Modeling Process 5 1. DFD diagram 2. Identify Threats 3. Mitigate 4. Validate What are we working on? Create a data flow diagram to understand how information flows through the system What can go wrong? Analyse the model to identify potential threats What are we going to do about it? Indicate which threats are already mitigated and determine how the remaining threats would be mitigated Did we do a good job? Validate the system against recorded threat model. Continue to mitigate any open issues
- 7. Why do Threat Modeling 7 ● More Secure Services ● Reduced cost by finding design flaws early and before release ● Reduced exposure to weaknesses other methods may not uncover ● Make rational decisions about how to address knowable security threats ● Consolidate dispersed knowledge
- 8. 8 How to do Threat Modeling
- 9. How to do Threat Modeling 9 Methodology ● Existing and Custom Frameworks ● Proactive Controls ● Automation ● Brainstorming Sessions
- 10. STRIDE 10 Threat Desired property Threat Definition Spoofing Authenticity Pretending to be something or someone other than yourself Tampering Integrity Modifying something on disk, network, memory, or elsewhere Repudiation Non-repudiability Claiming that you didn't do something or were not responsible; can be honest or false Information disclosure Confidentiality Providing information to someone not authorized to access it Denial of service Availability Exhausting resources needed to provide service Elevation of privilege Authorization Allowing someone to do something they are not authorized to do How to do Threat Modeling
- 11. Proactive Controls 11 Control Scope What we want to mitigate Authentication Related to the identification of users Impersonating someone known and trusted (spoofing) Authorisation Related to authorization of users and assessment of rights Privilege escalation Data security Confidentiality, Integrity, Availability Disclosure, Tampering, DoS Audit and logging Related to auditing of actions or logging of potential security events Non-Repudiation Configuration Related to secure configurations of servers, devices or software Passwords and other credentials stored in plain text files Unpatched software and firmware vulnerabilities Resilience Scaling, fault tolerance etc Denial of service / system failure Input Fail safe design SQL Injection, Cross Site Scripting How to do Threat Modeling
- 12. How to do Threat Modeling 12 Example Data Flow Diagram
- 14. Security in the SDLC 14 Supply Chain Security ● Shift Left ● Involve security thinking at every phase of software development ● Make small, positive improvements ● Have a Roadmap
- 17. Proactive Systems Security 17 Preemptive Security in the Environment ● Context ● Hardening as mitigation ● Configuration and Operating Environment ● Processes and Policies ● Architecture and Design ● Include Human Actors
- 18. 18 What have we come to value
- 19. What have we come to value? 19 ● A culture of finding and fixing design issues over checkbox compliance ● People and collaboration over processes, methodologies, and tools ● A journey of understanding over a security or privacy snapshot ● Continuous refinement over a single delivery What We Have Come To Value?
- 20. What have we come to value? 20 ● Technical Knowledge ● Time ● Empathy ● Give Threat Modeling a Try! What Do You Need to Start
- 22. Resources 22 ● How to do Threat Modeling? ● MITRE D3FEND: A knowledge graph of cybersecurity countermeasures ● Threat Modeling in the enterprise: Understanding the basics ● OWASP Threat Modeling Cheat Sheet ● Threat Modeling: 12 Available Methods ● Learning Threat Modeling for Security Professionals ● Threat Modeling, or Architectural Risk Analysis ● Tactical Threat Modeling ● Threat Modeling in 2019 ● How Threat Modeling Helps Discover Vulnerabilities ● What Exactly Does a Threat Modeler do? ● Kubernetes Operator: Good Security Practices