Threat Modeling using CAPEC™: Application for Web Applications
Jerome Athias, March 2014
Speaker notes
  • Useful for SPICE ENG
  • Following the development of a complete and accurate Threat Model, it is much simpler to determine the appropriate amount of effort to invest in: Secure Design, Code Review, Penetration Testing, Security infrastructure controls, OWASP OpenSAMM
  • http://msdn.microsoft.com/en-us/library/ff648644.aspx (limited, high level)
  • Updated with new attack patterns, e.g. Mobile
  • See presentation on Reverse Threat Modeling
  • KISS: Keep It Simple, Stupid. SMART: Specific, Measurable, Attainable, Repeatable, and Time-dependent. SMART+: Specific, Measurable, Attainable, Reasonable, Traceable, Appropriate. http://www.microsoft.com/en-us/download/details.aspx?id=2955 . Mind mapping tools: FreeMind, CMapTools, Mindjet, Xmind, Coggle, MindNode; http://lifehacker.com/five-best-mind-mapping-tools-476534555
  • PIA: Privacy Impact Assessment. CIA: Confidentiality, Integrity, Availability. Lacking for Risk Management: Business Impact (loss)
  • https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project ; The Orange Book; https://www.owasp.org/index.php/OWASP_Proactive_Controls#tab=OWASP_Top_Ten_Proactive_Controls
  • DREAD, OpenSAMM, SwA
Transcript of "Threat modeling capec_web_application"

1. Threat Modeling using CAPEC™: Application for Web Applications. Jerome Athias, March 2014

2. Threat Assessment
  • Threat Assessment involves accurately identifying and characterizing potential attacks upon an organization’s web application in order to better understand the risks and facilitate risk management.
  • “The earlier you find problems, the easier it is to fix them.”
  • Threat modeling is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. In this context, a threat is a potential or actual adverse event that may be malicious (such as a denial-of-service attack) or incidental (such as the failure of a storage device), and that can compromise the assets of an enterprise.

3. Threat Modeling
  • Threat Modeling is a structured business and technical analysis process. Its purpose is to identify the attack methods most likely to be used by attackers.
  • Threat modeling identifies the aspects of the web application design requiring particular attention. It highlights missing security controls.
  • It should be an iterative process, a requirement for a Secure Development Life Cycle, continuously improved (PDCA) for Software Assurance.

4. STRIDE
  • Threat Modeling process recommended by Microsoft® to reduce software maintenance costs, reduce the frequency of software security bugs and increase the reliability of software.
  • Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege

5. Other Methodologies and Tools
  • TARA: Intel’s Threat Agent Risk Assessment. A methodology that comes with different libraries, such as the Threat Agent Library (TAL).
  • OWASP https://www.owasp.org/index.php/Application_Threat_Modeling
  • WASC Threat Classification http://projects.webappsec.org/Threat-Classification
  • Trike http://octotrike.org/
  • ThreatModeler http://myappsecurity.com/threatmodeler/

6. CAPEC™
  • Common Attack Pattern Enumeration and Classification, http://capec.mitre.org/, is a detailed classification taxonomy for attack methods.
  • CAPEC™ is directly mapped to CWE™ (Common Weakness Enumeration), which is widely used (e.g. by NVD CVE).

7. CAPEC™ Selection
  • Not all attack methods are applicable to the context of web applications.
  • Selection depends on the level of detail wanted/required and/or the focus of the Threat Model (TM).
  • Selective approach, using the Views. Example: CAPEC-1000: Mechanism of Attack > CAPEC-156: Spoofing > CAPEC-98: Phishing
  • Iterative approach

8. CAPEC™ Selection
  • From CWE™: Cross-Site Scripting => CWE-79 http://cwe.mitre.org/data/definitions/79.html , then its Related Attack Patterns
  • Direct selection: CAPEC-66: SQL Injection; CAPEC-63: Simple Script Injection; CAPEC-62: Cross Site Request Forgery; CAPEC-61: Session Fixation; CAPEC-103: Clickjacking

9. Threat Model Representation
  • A graphical representation is recommended (vs a spreadsheet, e.g. Trike). A simple diagram gets good feedback (KISS) from developers and managers, and is SMART.
  • Data flow diagrams (DFDs) can be used to represent trust boundaries and identify entry points.
  • Attack trees (see the CAPEC™ attack steps) and mind maps are also useful graphical representations built from attack libraries.
  • Tools: ThreatModeler, Microsoft Threat Modeling Tool, Visio, mind mapping tools

10. DEMO
  • Login process
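The login-process demo itself is not reproduced in the deck. What follows is an added example (not part of the original presentation) that models that demo as a small DFD in Python: elements carry a trust zone, entry points are found as the flows that cross a trust boundary (slide 9), and threats are enumerated with the STRIDE-per-element mapping used in Microsoft's SDL practice (slide 4 names STRIDE but does not spell out the per-element table). The element names, zones and flows are constructed for the illustration.

```python
"""Added example: a minimal data-flow diagram (DFD) for the login-process demo.

The element names, trust zones and flows below are constructed for this
illustration; they are not taken from the slides.  Entry points are found as
flows that cross a trust boundary (slide 9), and threats are enumerated with
the STRIDE-per-element mapping used in Microsoft's SDL practice (slide 4).
"""
from dataclasses import dataclass, field

# STRIDE-per-element: the categories that apply to each kind of DFD element.
STRIDE_PER_ELEMENT = {
    "external": "SR",     # external entities: spoofing, repudiation
    "process": "STRIDE",  # processes: every category
    "flow": "TID",        # data in transit: tampering, disclosure, denial of service
    "store": "TRID",      # data stores: tampering, repudiation (logs), disclosure, DoS
}
STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # network/trust zone the element sits in (slide 11: network zones)


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str


@dataclass
class DFD:
    elements: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, element):
        self.elements[element.name] = element

    def connect(self, flow):
        if flow.src not in self.elements or flow.dst not in self.elements:
            raise ValueError(f"flow {flow.name!r} references an unknown element")
        self.flows.append(flow)

    def entry_points(self):
        """Flows whose endpoints sit in different zones: each crosses a trust
        boundary, so data arriving over it must be treated as untrusted."""
        return [f for f in self.flows
                if self.elements[f.src].zone != self.elements[f.dst].zone]

    def stride_threats(self):
        """(target, category) pairs from STRIDE-per-element; the analyst then
        decides per pair whether a control exists (slide 11: missing? effective?)."""
        threats = []
        for e in self.elements.values():
            threats += [(e.name, STRIDE_NAMES[c]) for c in STRIDE_PER_ELEMENT[e.kind]]
        for f in self.flows:
            threats += [(f.name, STRIDE_NAMES[c]) for c in STRIDE_PER_ELEMENT["flow"]]
        return threats


def login_dfd():
    """Constructed login process: browser (internet) -> web app (dmz) ->
    user database (internal), plus a session store inside the dmz."""
    d = DFD()
    d.add(Element("Browser", "external", "internet"))
    d.add(Element("Web app", "process", "dmz"))
    d.add(Element("Session store", "store", "dmz"))
    d.add(Element("User DB", "store", "internal"))
    d.connect(Flow("credentials", "Browser", "Web app"))
    d.connect(Flow("session cookie", "Web app", "Browser"))
    d.connect(Flow("session write", "Web app", "Session store"))
    d.connect(Flow("credential lookup", "Web app", "User DB"))
    return d


if __name__ == "__main__":
    dfd = login_dfd()
    print("Entry points (flows crossing a trust boundary):")
    for f in dfd.entry_points():
        print(f"  {f.name}: {f.src} -> {f.dst}")
    print(f"{len(dfd.stride_threats())} STRIDE threats to review")
```

Only three of the four flows are reported as entry points: the session write stays inside the dmz zone and never crosses a boundary. The 28 (target, category) pairs are the list an analyst walks through when checking which controls are missing or ineffective.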
11. Leveraging CAPEC™ data
  • Defense-in-depth: network segregation and layered defense. Add the network zones to the diagram (see Activation Zone, Technical Context, Architectural Paradigms). Also helps with segregation of duties.
  • Security Controls: missing? effective? See Attack Execution Flow.
  • Impact Assessment (e.g. PIA): Consequences, CIA Impact, Payload Activation Impact
  • Mitigation/Remediation prioritization: Likelihood of Exploit
  • Security awareness: Description, Solutions and Mitigations, Principles, Guidelines, CWE’s Enabling Factors for Exploitation, Demonstrative Examples
  • Security Requirements: Attack Prerequisites, Injection Vector
  • Incident Response: Indicators-Warning of Attacks, Probing Techniques
  • Threat Intelligence: Attacker Skills or Knowledge Required, Resources Required
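As an added example, not from the presentation or from the XORCISM project, the following Python threat register shows how the CAPEC fields named above (Related Attack Patterns for a CWE on slide 8; Solutions and Mitigations, CIA Impact and Likelihood of Exploit on this slide) can drive the "Security Controls: missing?" check and the remediation prioritization. The CAPEC IDs are the ones listed on slide 8 and CWE-79 is the mapping given there; the other CWE numbers come from the public CWE catalogue, and the likelihood, impact and mitigation strings are constructed placeholders to be replaced by the real CAPEC entries.

```python
"""Added example: a CAPEC-driven threat register for the login demo.

Attack patterns are keyed by the CAPEC IDs on slide 8.  The likelihood,
CIA impact and mitigation strings attached to them are constructed
placeholders for this illustration, not the values of the real CAPEC entries;
replace them with the fields from http://capec.mitre.org/ before use.
CWE-79 is the mapping given on slide 8; the other CWE numbers come from the
public CWE catalogue, not from the slides."""
from dataclasses import dataclass, field

# CAPEC "Likelihood of Exploit" values, ranked for sorting.
LIKELIHOOD_RANK = {"Low": 1, "Medium": 2, "High": 3}


@dataclass(frozen=True)
class AttackPattern:
    capec_id: int
    name: str
    related_cwe: tuple      # CWE ids the pattern is mapped to
    likelihood: str         # Likelihood of Exploit
    cia_impact: tuple       # which of "C", "I", "A" the attack affects
    mitigations: tuple      # controls from Solutions and Mitigations


@dataclass
class Threat:
    target: str                     # DFD element or flow under threat
    pattern: AttackPattern
    controls_in_place: set = field(default_factory=set)

    def missing_controls(self):
        """Slide 11's 'Security Controls: missing?' check."""
        return [m for m in self.pattern.mitigations if m not in self.controls_in_place]

    def score(self):
        """Likelihood of Exploit weighted by CIA breadth, for prioritization."""
        return LIKELIHOOD_RANK[self.pattern.likelihood] * len(self.pattern.cia_impact)


def select_by_cwe(patterns, cwe_id):
    """Slide 8's 'From CWE' selection: patterns related to one weakness."""
    return [p for p in patterns if cwe_id in p.related_cwe]


def prioritize(threats):
    """Highest score first; among equals, the most control gaps first."""
    return sorted(threats, key=lambda t: (t.score(), len(t.missing_controls())), reverse=True)


# Constructed catalogue: real CAPEC/CWE identifiers, placeholder attributes.
CATALOGUE = [
    AttackPattern(66, "SQL Injection", (89,), "High", ("C", "I", "A"),
                  ("parameterized queries", "input validation", "least-privilege DB account")),
    AttackPattern(63, "Simple Script Injection", (79,), "High", ("C", "I"),
                  ("output encoding", "input validation", "content security policy")),
    AttackPattern(62, "Cross Site Request Forgery", (352,), "High", ("I",),
                  ("anti-CSRF token", "SameSite cookie attribute")),
    AttackPattern(61, "Session Fixation", (384,), "High", ("C", "I"),
                  ("regenerate session ID at login",)),
    AttackPattern(103, "Clickjacking", (1021,), "Medium", ("I",),
                  ("frame-ancestors / X-Frame-Options",)),
]


def login_threats():
    """Constructed register for the login process and the controls assumed present."""
    by_id = {p.capec_id: p for p in CATALOGUE}
    return [
        Threat("credentials flow", by_id[66], {"input validation"}),
        Threat("login form", by_id[63], {"output encoding", "input validation"}),
        Threat("session cookie", by_id[61], {"regenerate session ID at login"}),
        Threat("login form", by_id[62], set()),
        Threat("login page", by_id[103], {"frame-ancestors / X-Frame-Options"}),
    ]


if __name__ == "__main__":
    for t in prioritize(login_threats()):
        gaps = ", ".join(t.missing_controls()) or "none"
        print(f"CAPEC-{t.pattern.capec_id} {t.pattern.name} on {t.target}: "
              f"score {t.score()}, missing controls: {gaps}")
```

The ranking puts the SQL injection threat first because its placeholder entry touches all three CIA properties and still lacks two of its listed mitigations; the two "High" patterns with equal scores are separated by how many controls are missing, which is the order in which an analyst would want to spend remediation effort.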
12. DEMO
  • Validate OWASP ASVS requirements, mapping
  • Security Controls (technical safeguards) selection and assessment: NIST SP 800-37, 800-53, OWASP Testing Guide mapping. Use of XORCISM https://github.com/athiasjerome/XORCISM
  • Reverse Threat Modeling: WAPT => OWASP/WASC/CWE => TM with CAPEC

13. Questions? Thank you

14. References
  • STRIDE http://msdn.microsoft.com/en-us/library/ee823878%28v=cs.20%29.aspx
  • Threat Modeling http://msdn.microsoft.com/en-us/library/ff648644.aspx
  • https://www.owasp.org/index.php/Application_Threat_Modeling
  • Threat Modeling: Designing for Security. ISBN-10: 1118809998
  • CSSLP CBK 2nd Ed. ISBN-13: 978-1466571273