Application Threat Modeling in Risk Management
Making it real for management
Mel Drews
mailto:mel@redcedarnet.com
Mel Drews
CISSP, CISA, GWEB, GCFE, ABCDE
Background
 Configuring, managing technical security
 Penetration testing
 Designing governance & controls
 Consulting on compliance issues
 Operational risk assessments
 IT security audit
Focusing on software because...
 We deploy infrastructure controls (firewalls, anti-malware,
IDS/IPS, etc.), but what are we trying to protect? What is
vulnerable? – data and applications.
 According to Gartner*, in 2014 enterprises spent $12B
securing their network perimeters, but only $600M
securing applications.
 Depending on industry, web applications account for up to
35% of data breaches.*
 Lessons are applicable to other attack surfaces
 Usefulness of approaching a complex problem from
multiple angles
If it’s about people, processes and
technology...
What do we want these people to get out of the exercise?
We can...
 Quantify risks in a realistic manner (disclaimer,
disclaimer).
 Identify previously unexamined control gaps exposing
high-impact systems or processes.
 Identify the mitigations that will give the best bang for
the buck – not a ROI number, but relative ranking.
 Give a realistic picture of how (in)secure we really are
Operationalizing risk assessment
What’s your attack surface?
What is a “threat”?
Open Group – “Anything that is capable of acting in a
manner resulting in harm to an asset and/or
organization; for example, acts of God (weather,
geological events, etc.); malicious actors; errors; failures.”
(The Open Group, 2009)
DHS – “Natural or man-made occurrence, individual, entity,
or action that has or indicates the potential to harm life,
information, operations, the environment, and/or
property.” (Department of Homeland Security [DHS],
2010)
BITS – “Threat is anything that can act against an asset
resulting in a potential loss.” (BITS, 2012)
Ways to model threats in software
 Find all possible / likely bad actions
   Attack trees
   Misuse / Abuse cases
   CAPEC
 Analyze the code / application
   Architectural Risk Analysis
   Attack surface analysis
   Attack paths
   SDL
   Code review
   Static analysis
 Blackbox methods
   Fuzzing
   Vulnerability scanning
Challenges to doing threat modeling
 Confusion on what constitutes a threat vs. a vulnerability vs. a risk
 Lack of guidance on methods to identify assets
 Requiring participants with requisite expertise and training in
threat analysis, a strong understanding of application design and
a well-structured process
 Security experts often learn from different risk profiles and use
different techniques for modeling
 Teaching threat modeling requires an apprentice-based approach
that involves an appropriate curricula, adequate investment in
effective education tools and a process for educating appropriate
constituencies
 Different types of applications have very different risk profiles,
meaning the threats will vary depending on factors such as the
application architecture
(BITS, 2012)
Attack Trees
 Identify possible attack goals
 Think of all attacks against each goal
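The two steps above are the whole method; what makes an attack tree useful to management is evaluating it. The Python below is an added example (not code from the talk) that evaluates a tree the way Schneier (1999) describes: OR nodes take the cheapest feasible child, AND nodes sum their children, and a leaf marked impossible removes every path through it. The goal, leaf costs and the mitigation-ranking function are constructed assumptions for illustration, not figures from the deck.

```python
"""Attack-tree evaluation (Schneier, 1999): the root is the attacker's goal,
OR nodes are alternative ways to reach it, AND nodes require every child, and
leaves carry an attacker cost plus a possible/impossible flag.
The tree in build_tree() is a constructed illustration, not one from the talk."""
import copy
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Node:
    name: str
    kind: str = "LEAF"        # "OR", "AND" or "LEAF"
    cost: int = 0             # LEAF only: attacker's cost, arbitrary dollar units
    possible: bool = True     # LEAF only: False means the attack is not feasible
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node) -> Optional[int]:
    """Minimum attacker cost to achieve `node`, or None if it is impossible.
    OR: cheapest feasible child. AND: sum of all children, impossible if any is."""
    if node.kind == "LEAF":
        return node.cost if node.possible else None
    costs = [cheapest(c) for c in node.children]
    if node.kind == "OR":
        feasible = [c for c in costs if c is not None]
        return min(feasible) if feasible else None
    if node.kind == "AND":
        return None if any(c is None for c in costs) else sum(costs)
    raise ValueError(f"unknown node kind {node.kind!r}")


def attack_paths(node: Node) -> List[Tuple[List[str], Optional[int]]]:
    """Every distinct attack against `node` as (leaf names, total cost or None).
    Impossible paths are kept so the 'impossible' assumptions can be reviewed."""
    if node.kind == "LEAF":
        return [([node.name], node.cost if node.possible else None)]
    if node.kind == "OR":
        return [p for c in node.children for p in attack_paths(c)]
    combos: List[Tuple[List[str], Optional[int]]] = [([], 0)]
    for child in node.children:            # AND: cartesian product of child paths
        merged = []
        for names, cost in combos:
            for cnames, ccost in attack_paths(child):
                total = None if cost is None or ccost is None else cost + ccost
                merged.append((names + cnames, total))
        combos = merged
    return combos


def leaves(node: Node) -> List[Node]:
    return [node] if node.kind == "LEAF" else [l for c in node.children for l in leaves(c)]


def mitigation_ranking(root: Node) -> List[Tuple[str, Optional[int]]]:
    """Relative ranking of controls: for each leaf, the attacker's cheapest cost
    if a control made that leaf impossible. A higher new cost (None = goal no
    longer reachable) means the control buys more. This is a relative ranking,
    not a return-on-investment figure."""
    ranking = []
    for leaf in leaves(root):
        trial = copy.deepcopy(root)
        for l in leaves(trial):
            if l.name == leaf.name:
                l.possible = False
        ranking.append((leaf.name, cheapest(trial)))
    return sorted(ranking, key=lambda t: float("inf") if t[1] is None else t[1], reverse=True)


def build_tree() -> Node:
    """Constructed example: goal is reading customer records from a line-of-business app."""
    return Node("Read customer records from LOB App", "OR", children=[
        Node("Exploit unpatched vulnerability in the application", cost=5_000),
        Node("Log in with a stolen staff credential", "AND", children=[
            Node("Phish a staff member for a password", cost=1_000),
            Node("Bypass multi-factor authentication", cost=20_000),
        ]),
        Node("Obtain a database backup", "AND", children=[
            Node("Steal a backup tape from off-site storage", cost=10_000),
            Node("Break the backup encryption", possible=False),
        ]),
    ])


if __name__ == "__main__":
    tree = build_tree()
    print("cheapest attack:", cheapest(tree))
    for names, cost in attack_paths(tree):
        print(cost, "->", " + ".join(names))
    for name, new_cost in mitigation_ranking(tree):
        print(f"block {name!r}: attacker now needs {new_cost}")
```

With the constructed costs the cheapest attack is the unpatched vulnerability, and the ranking shows that patching raises the attacker's cheapest path from 5,000 to 21,000 while blocking any other single leaf changes nothing, which is the "best bang for the buck" argument in a form management can follow.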
Attack Paths
 “The attack targets are analyzed based on their connections to attack
surfaces through call relationships.” (Brenneman, 2014)
Cyber Kill Chain® (Lockheed Martin)
 Reconnaissance
 Weaponization
 Delivery
 Exploitation
 Installation
 Command & Control
 Actions on Objectives
Misuse / Abuse Case
Common Attack Pattern Enumeration
and Classification (CAPEC)
(MITRE Corp, 2014)
“Design flaws account for 50
percent of security problems, and
architectural risk analysis plays an
essential role in any solid security
program.” (McGraw, 2006)
Architectural Risk Review
Architectural flaw examples:
 Forgot to authenticate the user
 Broken authentication mechanism
 No mapping of access control to job requirements
 Insecure (or no) implementation of auditing functions
 Failure to understand trust relationships – too much
trust
 Failure to employ encryption
 Dependence on components with known
vulnerabilities (libraries, frameworks, other modules)
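Two of the flaws in the list above, forgetting to authenticate the user and having no mapping of access control to job requirements, can be caught at design time if every entry point declares what it requires. The Python below is an added example, not code from the talk: a hypothetical route table and role-to-permission map, an audit that flags routes with no authentication declared and permissions that no job function grants, and a deny-by-default authorization check for runtime.

```python
"""Design-level check for two architectural flaws: 'forgot to authenticate the
user' and 'no mapping of access control to job requirements'. Every route
declares the permission it needs; roles map job functions to permissions; the
audit finds routes that are anonymous by omission and permissions no role
grants. Constructed example, not code from the talk."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Job functions mapped to the permissions they need (least privilege: no role
# gets a permission its job does not require).
ROLES: Dict[str, FrozenSet[str]] = {
    "customer":      frozenset({"account:read-own"}),
    "service-agent": frozenset({"account:read-any", "ticket:write"}),
    "auditor":       frozenset({"audit:read"}),
}


@dataclass(frozen=True)
class Route:
    path: str
    permission: Optional[str]    # None is only acceptable with anonymous_ok=True
    anonymous_ok: bool = False   # anonymous access must be an explicit decision


ROUTES: List[Route] = [
    Route("/login", None, anonymous_ok=True),
    Route("/account", "account:read-own"),
    Route("/admin/accounts", "account:read-any"),
    Route("/admin/export", "export:all"),          # flaw: no job function grants this
    Route("/internal/reindex", None),               # flaw: authentication forgotten
]


def audit_routes(routes: List[Route], roles: Dict[str, FrozenSet[str]]) -> List[str]:
    """Architectural review as a check: one finding per route with a flaw."""
    granted = {p for perms in roles.values() for p in perms}
    findings = []
    for r in routes:
        if r.permission is None and not r.anonymous_ok:
            findings.append(f"{r.path}: no authentication or permission declared")
        elif r.permission is not None and r.permission not in granted:
            findings.append(f"{r.path}: permission {r.permission!r} is mapped to no job function")
    return findings


def authorize(route: Route, user_roles: Optional[List[str]],
              roles: Dict[str, FrozenSet[str]] = ROLES) -> bool:
    """Runtime enforcement, deny by default. An unauthenticated caller (None)
    only reaches routes explicitly marked anonymous; a route that declares no
    permission and is not marked anonymous is unreachable rather than open."""
    if user_roles is None or route.permission is None:
        return route.anonymous_ok
    return any(route.permission in roles.get(role, frozenset()) for role in user_roles)


if __name__ == "__main__":
    for finding in audit_routes(ROUTES, ROLES):
        print("FINDING:", finding)
```

Running the audit on the constructed table reports the export route whose permission belongs to no job function and the reindex route that was never given an authentication requirement; both are design findings, found without reading a line of handler code.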
Attack Surface Analysis
 Targets and enablers
Resources (processes and data) that an attacker can use or
co-opt.
 Channels and protocols
Message passing and shared memory between endpoint
processes and the rules for exchanging information.
 Access rights
Associated not only with files and directories, but also
channels and endpoint processes.
(Howard, Pincus & Wing, 2003)
Microsoft SDL Overview
 Education
 Continuous process improvement
 Accountability
(Microsoft, SDL Process: Design, 2014)
(Microsoft, 2010)
(Microsoft, 2014)
Threat Modeling in the Microsoft SDL
 SDL Phase II – Design:
 “Threat modeling is used in environments where there
is meaningful security risk. It is a practice that allows
development teams to consider, document, and discuss
the security implications of designs in the context of
their planned operational environment and in a
structured fashion. Threat modeling also allows
consideration of security issues at the component or
application level. Threat modeling is a team exercise,
encompassing program/project managers, developers,
and testers.”
(Microsoft, 2010)
MS Threat Modeling steps
 Diagramming
   Data flow
 Threat Enumeration
   Focus on trust boundaries
   S•T•R•I•D•E
   List of threats
   Team exercise engaging program/project managers,
  developers and testers
 Mitigation
 Validation
   Completeness & accuracy of threats and the model
(Shostack, 2008)
STRIDE
 Spoofing
 Tampering
 Repudiation
 Information Disclosure
 Denial of Service
 Escalation of Privilege
(Shostack, 2008)
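The enumeration step above is mechanical once the data-flow diagram exists: each element kind is exposed to a fixed subset of STRIDE (STRIDE-per-element, the chart the Microsoft SDL uses), and flows that cross a trust boundary are the ones to examine first. The Python below is an added example, not the talk's or Microsoft's code, covering the diagramming, enumeration and validation steps and the STRIDE list above. The DFD, its trust boundaries and the flows are constructed for the example; the per-element chart is the standard one (external entities: S, R; processes: all six; data flows and data stores: T, I, D, with R added for log stores).

```python
"""STRIDE-per-element threat enumeration over a small data-flow diagram.
The per-element chart (which STRIDE categories apply to which element kind)
follows the Microsoft SDL; the DFD in build_model() is constructed for this
example and is not from the talk."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}

# STRIDE-per-element: categories that apply to each DFD element kind.
# A data store that holds logs additionally gets Repudiation ("log").
PER_ELEMENT: Dict[str, str] = {
    "external": "SR", "process": "STRIDE", "datastore": "TID",
    "log": "TRID", "dataflow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # external | process | datastore | log
    boundary: str    # trust boundary the element lives in


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    at_boundary: bool   # True when a trust-boundary crossing is involved


def validate(elements: List[Element], flows: List[Flow]) -> List[str]:
    """Validation step: catch model errors before enumerating threats."""
    names = {e.name for e in elements}
    issues = []
    for f in flows:
        for end in (f.src, f.dst):
            if end not in names:
                issues.append(f"flow {f.name!r} references unknown element {end!r}")
    touched = {end for f in flows for end in (f.src, f.dst)}
    issues += [f"element {n!r} has no data flows" for n in sorted(names - touched)]
    for e in elements:
        if e.kind not in PER_ELEMENT or e.kind == "dataflow":
            issues.append(f"element {e.name!r} has unknown kind {e.kind!r}")
    return issues


def enumerate_threats(elements: List[Element], flows: List[Flow],
                      table: Dict[str, str] = PER_ELEMENT) -> List[Threat]:
    """One Threat per (element or flow, applicable STRIDE category).
    `table` can be swapped for a customized threat table."""
    by_name = {e.name: e for e in elements}
    crossing = {f.name: by_name[f.src].boundary != by_name[f.dst].boundary for f in flows}
    on_boundary = {end for f in flows if crossing[f.name] for end in (f.src, f.dst)}
    threats = []
    for e in elements:
        for code in table[e.kind]:
            threats.append(Threat(e.name, STRIDE[code], e.name in on_boundary))
    for f in flows:
        for code in table["dataflow"]:
            threats.append(Threat(f"{f.name} ({f.src} -> {f.dst})", STRIDE[code], crossing[f.name]))
    # Boundary crossings first: that is where the SDL says to focus the enumeration.
    return sorted(threats, key=lambda t: (not t.at_boundary, t.target, t.category))


def summary(threats: List[Threat]) -> Dict[str, int]:
    return dict(Counter(t.category for t in threats))


def build_model() -> Tuple[List[Element], List[Flow]]:
    """Constructed DFD: browser on the internet, web app in a DMZ, data and a
    batch job on the internal network."""
    elements = [
        Element("Browser", "external", "internet"),
        Element("Web App", "process", "dmz"),
        Element("Report Job", "process", "internal"),
        Element("Customer DB", "datastore", "internal"),
        Element("Audit Log", "log", "internal"),
    ]
    flows = [
        Flow("HTTP request", "Browser", "Web App"),
        Flow("SQL query", "Web App", "Customer DB"),
        Flow("audit record", "Web App", "Audit Log"),
        Flow("nightly extract", "Report Job", "Customer DB"),
    ]
    return elements, flows


if __name__ == "__main__":
    elements, flows = build_model()
    for issue in validate(elements, flows):
        print("MODEL ISSUE:", issue)
    threats = enumerate_threats(elements, flows)
    for t in threats:
        print(("*" if t.at_boundary else " "), f"{t.target:42} {t.category}")
    print(summary(threats))
```

The constructed model yields 33 candidate threats, 24 of them touching a trust-boundary crossing; the internal-only report job and its flow sort to the bottom. Each row is then a line item for the mitigation step: the diagram, not a vulnerability scanner, produced it.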
Demo time
(Microsoft, Introducing Microsoft Threat Modeling Tool 2014, 2014)
Customizing the threat table
Critical Security Controls
 CSC 2: Inventory of Authorized and Unauthorized
Software.
 CSC 4: Continuous Vulnerability Assessment and
Remediation.
 CSC 18: Application Software Security.
 CSC 20: Penetration Tests and Red Team Exercises (in
a mature control environment)
Asset Characterization
Excerpt from System Characterization Worksheet, available under Creative Commons license at
http://www.redcedarnet.com/p/blog-page.html
Asset list or database
Impacts (Confidentiality / Integrity / Availability), exposures and scores:

                   Confidentiality  Integrity  Availability  Has         Has         Inherent  Control   Overall Score
Asset              Impact           Impact     Impact        Exposure X  Exposure Y  Risk      Strength  (Residual Risk)
LOB App1           $1M              $200K      $500K         Y           Y           100       4         25
Customer Svc App   $800K            $100K      $80K          N           Y           45        3         15
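A scoring pass over an asset register laid out like the worksheet excerpt above. Both worksheet rows divide inherent risk by control strength to reach the overall (residual) score (100 / 4 = 25, 45 / 3 = 15), and that is the rule implemented here; how the inherent risk figure itself is derived is not shown on the page, so it is taken as an input. The Python is an added example, not part of the worksheet; the dollar-string parser, the tie-break on dollar impact and the uplift comparison are assumptions made for the example.

```python
"""Residual-risk scoring and ranking for an asset register laid out like the
System Characterization Worksheet excerpt: inherent risk divided by control
strength gives the overall (residual) score, as both worksheet rows show.
Inherent risk is taken as an input; its derivation is not on the page.
The register below reproduces the two worksheet rows as constructed data."""
import re
from dataclasses import dataclass, replace
from typing import List

_MULT = {"": 1, "K": 1_000, "M": 1_000_000, "B": 1_000_000_000}


def parse_dollars(text: str) -> int:
    """'$1M' -> 1_000_000, '$200K' -> 200_000, '$80K' -> 80_000."""
    m = re.fullmatch(r"\$\s*(\d+(?:\.\d+)?)\s*([KMB]?)", text.strip().upper())
    if not m:
        raise ValueError(f"cannot parse dollar amount {text!r}")
    return int(float(m.group(1)) * _MULT[m.group(2)])


@dataclass
class Asset:
    name: str
    confidentiality: str      # impact figures as written on the worksheet
    integrity: str
    availability: str
    exposure_x: bool
    exposure_y: bool
    inherent_risk: int
    control_strength: int     # >= 1; 1 means the controls reduce nothing

    def max_impact(self) -> int:
        return max(parse_dollars(v) for v in (self.confidentiality, self.integrity, self.availability))

    def residual_risk(self) -> float:
        if self.control_strength < 1:
            raise ValueError("control strength must be at least 1")
        return self.inherent_risk / self.control_strength


def rank_assets(assets: List[Asset]) -> List[Asset]:
    """Highest residual risk first; ties broken by the larger dollar impact."""
    return sorted(assets, key=lambda a: (a.residual_risk(), a.max_impact()), reverse=True)


def uplift_value(asset: Asset, new_strength: int) -> float:
    """Residual-risk reduction if the asset's control strength is raised.
    Compares candidate mitigations by relative reduction, not by ROI."""
    return asset.residual_risk() - replace(asset, control_strength=new_strength).residual_risk()


REGISTER = [
    Asset("LOB App1", "$1M", "$200K", "$500K", True, True, 100, 4),
    Asset("Customer Svc App", "$800K", "$100K", "$80K", False, True, 45, 3),
]

if __name__ == "__main__":
    for a in rank_assets(REGISTER):
        print(f"{a.name:18} inherent={a.inherent_risk:4} strength={a.control_strength} "
              f"residual={a.residual_risk():.0f} max impact=${a.max_impact():,}")
    for a in REGISTER:
        print(f"{a.name}: one more step of control strength cuts residual by "
              f"{uplift_value(a, a.control_strength + 1):.2f}")
```

The division is deliberately guarded against a control strength of zero: an asset with no controls scores at strength 1, so its residual equals its inherent risk instead of blowing up the spreadsheet.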
Threat matrix
Risk, impact, likelihood, recommendation

Risk: History of poor coding practices. While patches are available to address known vulnerabilities in the currently installed application version, the application vendor, SoftCorp, has a history of severe vulnerabilities recurring in multiple products. Their response to reported vulnerabilities has sometimes taken up to a year.

Impact: The application processes thousands of records daily and stores approximately 1.2 million unique data records. Unauthorized disclosure of this data could lead to costs in excess of risk appetite related to communication to regulators and customers, investigations, emergency remediation activities and enhanced regulatory scrutiny.

Likelihood: Currently known and previously patched vulnerabilities have been susceptible to exploitation by attackers possessing minimal skill or resources and only external connectivity.

Recommendation:
1. Apply available patches.
2. Deploy a Web Application Firewall between users and the application server.
3. Evaluate the feasibility of migrating to other available products.

Management Response:
Quantifying Risk
 Granularity?
 Percentage of similar organizations experiencing a
breach
 Detailed analysis of likelihood impacting a given
exposure
 Control Strength
 Threat Capability
 Loss Event Frequency
 What is the event / scenario?
Loss Magnitude
 Direct costs due to loss of integrity
 Direct costs due to unavailability
 Don’t ask about confidentiality, ask about factors that
allow you to calculate it as the expert:
 Number of unique data records holding PII/NPII/PHI
 Number of financial transactions processed by the
application daily / monthly
 Dollar value of financial transactions processed by the
application if any, daily / monthly
Factor in additional costs
 Direct:
 Investigating
 remediating
 communicating
 credit monitoring
 Indirect:
 Regulatory
 Legal
 Opportunity
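The factors on the three slides above (Threat Capability, Control Strength, Loss Event Frequency, Loss Magnitude built from record counts and direct and indirect costs) are the terms of the Open Group Risk Taxonomy (FAIR) cited in the references. The Python below is an added example, not from the talk, that carries one scenario through that arithmetic: Vulnerability estimated as how often a sampled Threat Capability exceeds a sampled Control Strength, Loss Event Frequency as Threat Event Frequency times that Vulnerability, and Loss Magnitude assembled from the record count and the cost categories listed. The ranges, per-record costs and trial counts are constructed placeholders, not figures from the page; only the 1.2 million record count is taken from the threat matrix.

```python
"""FAIR-style estimate of one loss scenario: annualized loss =
Loss Event Frequency x Loss Magnitude, where LEF = Threat Event Frequency x
Vulnerability and Vulnerability = P(Threat Capability > Control Strength).
Every number below is a constructed placeholder for the example."""
import random
from dataclasses import dataclass
from statistics import mean, quantiles
from typing import Dict, Optional


@dataclass(frozen=True)
class Estimate:
    """Calibrated min / most-likely / max range, sampled as a triangular distribution."""
    low: float
    likely: float
    high: float

    def sample(self, rng: random.Random) -> float:
        return rng.triangular(self.low, self.high, self.likely)


@dataclass(frozen=True)
class LossMagnitude:
    """Confidentiality loss built from factors the assessor can ask the business
    for, instead of asking the owner to guess a total."""
    records: int               # unique PII / NPI / PHI records held
    per_record_direct: float   # investigation, notification, credit monitoring per record
    fixed_direct: float        # incident investigation and emergency remediation
    regulatory: float          # indirect: fines, enhanced scrutiny
    legal: float               # indirect: litigation
    opportunity: float         # indirect: lost business

    def direct(self) -> float:
        return self.records * self.per_record_direct + self.fixed_direct

    def indirect(self) -> float:
        return self.regulatory + self.legal + self.opportunity

    def total(self) -> float:
        return self.direct() + self.indirect()


def vulnerability(tcap: Estimate, cstrength: Estimate,
                  rng: Optional[random.Random] = None, trials: int = 10_000) -> float:
    """Share of trials in which the attacker's capability (percentile, 0-100)
    exceeds the control strength (percentile of attackers it resists)."""
    rng = rng or random.Random(0)
    hits = sum(1 for _ in range(trials) if tcap.sample(rng) > cstrength.sample(rng))
    return hits / trials


def annualized_loss(tef: Estimate, tcap: Estimate, cstrength: Estimate,
                    lm: LossMagnitude, trials: int = 10_000, seed: int = 7) -> Dict[str, float]:
    """Monte Carlo over TEF and Vulnerability; returns mean and 90th percentile
    annual loss so management sees a range rather than a single point."""
    rng = random.Random(seed)
    vuln = vulnerability(tcap, cstrength, rng, trials)
    tefs = [tef.sample(rng) for _ in range(trials)]
    losses = [t * vuln * lm.total() for t in tefs]
    return {
        "vulnerability": vuln,
        "lef": vuln * mean(tefs),            # loss events per year
        "mean": mean(losses),
        "p90": quantiles(losses, n=10)[8],   # 90th percentile annual loss
    }


# Constructed scenario: an external attacker exploits the LOB application to
# read the 1.2 million stored records (the volume from the threat matrix).
SCENARIO = dict(
    tef=Estimate(0.5, 2.0, 6.0),          # attempts per year against this app
    tcap=Estimate(30, 60, 95),            # low-skill attackers suffice for known vulns
    cstrength=Estimate(20, 40, 70),       # patched late, no WAF in front
    lm=LossMagnitude(records=1_200_000, per_record_direct=2.0, fixed_direct=250_000,
                     regulatory=500_000, legal=300_000, opportunity=200_000),
)

if __name__ == "__main__":
    for key, value in annualized_loss(**SCENARIO).items():
        print(f"{key:13} {value:,.2f}")
```

Re-running the same scenario with a stronger control-strength range (the effect of the patch and WAF recommendations) gives the before/after comparison that belongs in the "Management Response" column; the mean and 90th percentile move together, which is what makes the relative ranking defensible even when the absolute dollar figures carry wide error bars.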
Insider Threat
 SEI CERT has a database cataloging more than 700
cases of malicious insider activity.*
 Methods vary between cases involving technical staff
and those that don’t.
 Our threat models and controls need to address both
Who uses or recommends threat
modeling?
 Microsoft
 Apple (Apple, 2014)
 EMC (Dhillon, 2011)
 VMware
 Oracle (Oracle, 2014)
 MITRE Corporation (MITRE, 2011)
 Government of India (Microsoft, 2012)
 Are you studying for the CSSLP? (ISC2, 2013)
Is it secure enough?
References
Apple. Risk Assessment and Threat Modeling. Retrieved 23 June 2014, from https://developer.apple.com/library/mac/documentation/security/conceptual/security_overview/ThreatModeling/ThreatModeling.html#//apple_ref/doc/uid/TP40002495-SW5
BITS / The Financial Services Roundtable. (2011). Software Assurance Framework. http://www.bits.org/publications/security/BITSSoftwareAssurance0112.pdf
Brenneman, D. Improving Software Security by Identifying and Securing Paths Linking Attack Surfaces to Attack Targets. McCabe Software. Retrieved 9 June 2014, from http://www.mccabe.com/pdf/Identifying%20and%20Securing%20Paths%20Linking%20Attack%20Surfaces%20to%20Attack%20Targets.pdf
BSIMM. Building Security In Maturity Model. Retrieved 24 June 2014, from http://www.bsimm.com/online/ssdl/aa/
Department of Homeland Security. (2010). DHS Risk Lexicon. http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf
Dhillon, D. (2011). Developer-Driven Threat Modeling. IEEE Security & Privacy. http://www.infoq.com/articles/developer-driven-threat-modeling
Dougherty, C., Sayre, K., Seacord, R., Svoboda, D., & Togashi, K. (2009). Secure Design Patterns. Technical Report CMU/SEI-2009-TR-010. Carnegie Mellon University Software Engineering Institute. http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=9115
Hafiz, M. Security Pattern Catalog. Retrieved 13 June 2014, from http://www.munawarhafiz.com/securitypatterncatalog/index.php
Howard, M., Pincus, J., & Wing, J. (2003). Measuring Relative Attack Surfaces. http://www.cs.cmu.edu/~wing/publications/Howard-Wing03.pdf
ISC2. (2013). Certified Secure Software Lifecycle Professional. https://www.isc2.org/csslp/default.aspx
McGraw, G. (2006). Software Security: Building Security In. Addison-Wesley. ISBN-10: 0321356705
Microsoft Corporation. Benefits of the SDL. Retrieved 20 June 2014, from http://www.microsoft.com/security/sdl/about/benefits.aspx
Microsoft Corporation. (2012). Government of India Embraces Secure Application Development. http://www.microsoft.com/en-us/download/confirmation.aspx?id=29857
Microsoft Corporation. (2014). Introducing Microsoft Threat Modeling Tool 2014. Retrieved 23 June 2014, from http://blogs.msdn.com/b/sdl/archive/2014/04/15/introducing-microsoft-threat-modeling-tool-2014.aspx
Microsoft Corporation. SDL Process: Design. Retrieved 24 June 2014, from http://www.microsoft.com/security/sdl/process/design.aspx
Microsoft Corporation. (2010). Simplified Implementation of the Microsoft SDL. http://www.microsoft.com/en-us/download/details.aspx?id=12379&751be11f-ede8-5a0c-058c-2ee190a24fa6=True
MITRE Corporation. (2014). Common Attack Pattern Enumeration and Classification. Retrieved 6 June 2014, from http://capec.mitre.org/
MITRE Corporation. (2011). Threat Assessment and Remediation Analysis (TARA). http://www.mitre.org/publications/technical-papers/threat-assessment--remediation-analysis-tara
The Open Group. (2009). Risk Taxonomy. https://www2.opengroup.org/ogsys/catalog/C13K
Schneier, B. (1999). Attack Trees. Schneier on Security. Retrieved 13 June 2014, from https://www.schneier.com/paper-attacktrees-ddj-ft.html
Scott, J., & Kazman, R. (2009). Realizing and Refining Architectural Tactics: Availability. http://www.sei.cmu.edu/reports/09tr006.pdf
Security Architecture Patterns. In Open Security Architecture. Retrieved 13 June 2014, from http://www.opensecurityarchitecture.org/cms/library/patternlandscape
Shostack, A. (2008). Experiences Threat Modeling at Microsoft. http://blogs.msdn.com/b/sdl/archive/2008/10/08/experiences-threat-modeling-at-microsoft.aspx
Singhal, A., & Ou, X. (2011). Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs. NIST Interagency Report 7788. http://csrc.nist.gov/publications/nistir/ir7788/NISTIR-7788.pdf

PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORKPROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
 
Integrating Threat Modeling in Secure Agent-Oriented Software Development
Integrating Threat Modeling in Secure Agent-Oriented Software DevelopmentIntegrating Threat Modeling in Secure Agent-Oriented Software Development
Integrating Threat Modeling in Secure Agent-Oriented Software Development
 
Standardizing Source Code Security Audits
Standardizing Source Code Security AuditsStandardizing Source Code Security Audits
Standardizing Source Code Security Audits
 

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 

Application Threat Modeling In Risk Management

1. Making it real for management
Mel Drews
mailto:mel@redcedarnet.com

2. Mel Drews
CISSP, CISA, GWEB, GCFE, ABCDE
Background
 Configuring, managing technical security
 Penetration testing
 Designing governance & controls
 Consulting on compliance issues
 Operational risk assessments
 IT security audit

3. Focusing on software because...
 We deploy infrastructure controls (firewalls, anti-malware, IDS/IPS, etc.), but what are we trying to protect? What is vulnerable? – data and applications.
 According to Gartner*, in 2014 enterprises spent $12B securing their network perimeters, but only $600M securing applications.
 Depending on industry, web applications account for up to 35% of data breaches.*
 Lessons are applicable to other attack surfaces
 Usefulness of approaching a complex problem from multiple angles

4. If it’s about people, processes and technology...
What do we want these people to get out of the exercise?

5. We can...
 Quantify risks in a realistic manner (disclaimer, disclaimer).
 Identify previously unexamined control gaps exposing high-impact systems or processes.
 Identify the mitigations that will give the best bang for the buck – not a ROI number, but relative ranking.
 Give a realistic picture of how (in)secure we really are
8. What is a “threat”?
Open Group – “Anything that is capable of acting in a manner resulting in harm to an asset and/or organization; for example, acts of God (weather, geological events, etc.); malicious actors; errors; failures.” (The Open Group, 2009)
DHS – “Natural or man-made occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.” (Department of Homeland Security [DHS], 2010)
BITS – “Threat is anything that can act against an asset resulting in a potential loss.” (BITS, 2012)

9. Ways to model threats in software
 Find all possible / likely bad actions
    Attack trees
    Misuse / Abuse cases
    CAPEC
 Analyze the code / application
    Architectural Risk Analysis
    Attack surface analysis
    Attack paths
    SDL
    Code review
    Static analysis
 Blackbox methods
    Fuzzing
    Vulnerability scanning
10. Challenges to doing threat modeling
 Confusion on what constitutes a threat vs. a vulnerability vs. a risk
 Lack of guidance on methods to identify assets
 Requiring participants with requisite expertise and training in threat analysis, a strong understanding of application design and a well-structured process
 Security experts often learn from different risk profiles and use different techniques for modeling
 Teaching threat modeling requires an apprentice-based approach that involves appropriate curricula, adequate investment in effective education tools and a process for educating appropriate constituencies
 Different types of applications have very different risk profiles, meaning the threats will vary depending on factors such as the application architecture
(BITS, 2012)
11. Attack Trees
 Identify possible attack goals
 Think of all attacks against each goal
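The two steps above in code, as an added example that is not part of the presentation and not Schneier's own code: the attack goal is the root, the attacks against it are OR children (any one suffices) or AND children (all are needed), and a cost on each leaf lets you compute the cheapest path to the goal and rank single mitigations by how much they raise that cost. That is the relative ranking slide 5 asks for, not an ROI number. The goal, the leaf attacks, the cost units and the `mitigate`/`rank_mitigations` helpers are all constructed assumptions.

```python
"""Attack tree with AND/OR decomposition, in the style of Schneier (1999).

Added example, not from the presentation. The goal, the leaf attacks, the
cost units and the mitigations are constructed for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

INF = float("inf")  # a leaf with infinite cost is treated as blocked by a control


@dataclass
class Node:
    name: str
    kind: str = "leaf"              # "leaf", "or" (any child suffices) or "and" (all children needed)
    cost: float = INF               # attacker effort for a leaf, in constructed units
    children: List["Node"] = field(default_factory=list)

    def cheapest(self) -> Tuple[float, List[str]]:
        """Cost and leaf attacks of the cheapest way to achieve this node's goal."""
        if self.kind == "leaf":
            return (self.cost, [self.name] if self.cost < INF else [])
        results = [child.cheapest() for child in self.children]
        if self.kind == "or":
            return min(results, key=lambda r: r[0])
        # "and": every child must succeed, so the attacker pays for all of them
        total = sum(r[0] for r in results)
        if total == INF:
            return (INF, [])
        return (total, [leaf for r in results for leaf in r[1]])

    def find(self, name: str) -> Optional["Node"]:
        if self.name == name:
            return self
        for child in self.children:
            hit = child.find(name)
            if hit is not None:
                return hit
        return None


def build_tree() -> Node:
    """Step 1: pick the attack goal. Step 2: decompose it into attacks (constructed)."""
    return Node("Read customer records", "or", children=[
        Node("Exploit the application", "and", children=[
            Node("Find an unpatched flaw", cost=30),
            Node("Reach the application from the internet", cost=5),
        ]),
        Node("Use legitimate credentials", "or", children=[
            Node("Phish a user", cost=20),
            Node("Guess a weak password", cost=10),
        ]),
        Node("Recruit an insider", cost=500),
    ])


def mitigate(tree: Node, leaf_name: str, new_cost: float) -> bool:
    """Model a control by raising (or blocking, with INF) the cost of one leaf attack."""
    leaf = tree.find(leaf_name)
    if leaf is None or leaf.kind != "leaf":
        return False
    leaf.cost = new_cost
    return True


def rank_mitigations(tree_factory, candidates: Dict[str, float]) -> List[Tuple[str, float]]:
    """Relative ranking of single mitigations by how much each raises the attacker's
    cheapest path. candidates maps a leaf name to its cost after the control."""
    baseline = tree_factory().cheapest()[0]
    ranked = []
    for leaf_name, new_cost in candidates.items():
        tree = tree_factory()
        mitigate(tree, leaf_name, new_cost)
        ranked.append((leaf_name, tree.cheapest()[0] - baseline))
    return sorted(ranked, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    print("cheapest attack:", build_tree().cheapest())
    print("single mitigations ranked:", rank_mitigations(build_tree, {
        "Guess a weak password": INF,   # e.g. MFA or a password policy
        "Find an unpatched flaw": INF,  # e.g. patching: cheapest path is unchanged until credentials are handled
        "Recruit an insider": 1000,
    }))
```

The ranking makes the management point directly: patching alone does not move the cheapest path while a credential attack is cheaper, so the tree says which control to fund first.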
12. Attack Paths
 “The attack targets are analyzed based on their connections to attack surfaces through call relationships.” (Brenneman, 2014)

13. Cyber Kill Chains®
 Reconnaissance
 Weaponization
 Delivery
 Exploit
 Installation
 Command & Control
 Actions

15. Common Attack Pattern Enumeration and Classification (CAPEC)
(MITRE Corp, 2014)

16. Architectural Risk Review
“Design flaws account for 50 percent of security problems, and architectural risk analysis plays an essential role in any solid security program.” (McGraw, 2006)

17. Architectural flaw examples:
 Forgot to authenticate the user
 Broken authentication mechanism
 No mapping of access control to job requirements
 Insecure (or no) implementation of auditing functions
 Failure to understand trust relationships – too much trust
 Failure to employ encryption
 Dependence on components with known vulnerabilities (libraries, frameworks, other modules)

18. Attack Surface Analysis
 Targets and enablers: Resources (processes and data) that an attacker can use or co-opt.
 Channels and protocols: Message passing and shared memory between endpoint processes and the rules for exchanging information.
 Access rights: Associated not only with files and directories, but also channels and endpoint processes.
(Howard, Pincus & Wing, 2003)
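Slides 12 and 18 describe the same analysis from two ends: the attack surface is the set of channels an outside party can reach, the attack targets are the resources worth protecting, and the attack paths are the call relationships linking them. The following is an added example, not from the presentation and not McCabe's or Howard, Pincus & Wing's tooling, that walks a constructed call graph of a hypothetical application to list every path from an entry point to a target, flags the paths that pass through no mediating control, and ranks entry points by how many target paths they expose. The function names, the graph, and the `GUARDS` convention (a path is considered guarded if it passes through a validation or authorization function) are assumptions.

```python
"""Attack surface to attack target path analysis over a call graph.

Added example, not from the presentation. The call graph is a constructed,
hypothetical web application; the function names are placeholders.
"""
from typing import Dict, List, Set, Tuple

# caller -> callees (constructed)
CALL_GRAPH: Dict[str, List[str]] = {
    "http_login":      ["validate_input"],
    "validate_input":  ["check_password"],
    "check_password":  ["db_read_user"],
    "http_upload":     ["parse_file"],
    "parse_file":      ["decompress", "store_file"],
    "decompress":      ["exec_os_command"],
    "store_file":      ["db_write_record"],
    "http_report":     ["authorize"],
    "authorize":       ["build_report"],
    "build_report":    ["db_read_user", "render_template", "store_file"],
    "render_template": [],
    "db_read_user":    [],
    "db_write_record": [],
    "exec_os_command": [],
}

# Attack surface: channels (here, HTTP handlers) an outside party can reach.
ENTRY_POINTS: Set[str] = {"http_login", "http_upload", "http_report"}
# Attack targets: functions that touch resources worth protecting.
TARGETS: Set[str] = {"db_write_record", "exec_os_command"}
# Mediating controls: a path that passes through one of these is considered guarded.
GUARDS: Set[str] = {"validate_input", "authorize"}


def find_attack_paths(graph: Dict[str, List[str]] = CALL_GRAPH,
                      entries: Set[str] = ENTRY_POINTS,
                      targets: Set[str] = TARGETS) -> List[List[str]]:
    """All simple call paths from an entry point to a target (depth-first search)."""
    paths: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node in targets:
            paths.append(path)          # reaching a target ends the path
            return
        for callee in graph.get(node, []):
            if callee not in path:      # simple paths only: skip cycles
                walk(callee, path + [callee])

    for entry in sorted(entries):
        walk(entry, [entry])
    return paths


def unguarded_paths(paths: List[List[str]], guards: Set[str] = GUARDS) -> List[List[str]]:
    """Paths on which no mediating control sits between the surface and the target."""
    return [p for p in paths if not any(step in guards for step in p)]


def surface_ranking(paths: List[List[str]]) -> List[Tuple[str, int]]:
    """Entry points ranked by how many target paths they expose: where review
    and testing effort should go first."""
    counts: Dict[str, int] = {}
    for p in paths:
        counts[p[0]] = counts.get(p[0], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    all_paths = find_attack_paths()
    risky = unguarded_paths(all_paths)
    for p in all_paths:
        status = "UNGUARDED" if p in risky else "guarded"
        print(f"{status:9} {' -> '.join(p)}")
    print("surface ranking:", surface_ranking(all_paths))
```

On the constructed graph the upload handler reaches both targets with nothing mediating the path, while the report handler reaches the database only through `authorize`; that is the kind of finding the architectural review on slides 16 and 17 is meant to surface before code review starts.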
19. Microsoft SDL Overview
 Education
 Continuous process improvement
 Accountability
(Microsoft, SDL Process: Design, 2014) (Microsoft, 2010)

21. Threat Modeling in the Microsoft SDL
SDL Phase II – Design:
“Threat modeling is used in environments where there is meaningful security risk. It is a practice that allows development teams to consider, document, and discuss the security implications of designs in the context of their planned operational environment and in a structured fashion. Threat modeling also allows consideration of security issues at the component or application level. Threat modeling is a team exercise, encompassing program/project managers, developers, and testers.” (Microsoft, 2010)

22. MS Threat Modeling steps
 Diagramming
    Data flow
 Threat Enumeration
    Focus on trust boundaries
    S•T•R•I•D•E
    List of threats
    Team exercise engaging program/project managers, developers and testers
 Mitigation
 Validation
    Completeness & accuracy of threats and the model
(Shostack, 2008)

23. STRIDE
 Spoofing
 Tampering
 Repudiation
 Information Disclosure
 Denial of Service
 Escalation of Privilege
(Shostack, 2008)
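The steps on slides 22 and 23 in code, as an added example that is neither the Microsoft Threat Modeling Tool nor material from the presentation: a data flow diagram is a list of elements with trust zones plus the flows between them, threat enumeration applies the STRIDE-per-element chart (which categories apply to external entities, processes, data stores and data flows, as Shostack describes for the SDL practice) to every element, flows that cross a trust boundary are pulled to the front, and the validation step checks that nothing in the diagram was left without a threat entry. The diagram itself is constructed; the mapping from each category to the security property it violates is the standard one and is what points at the mitigation.

```python
"""STRIDE-per-element threat enumeration over a data flow diagram (DFD).

Added example, not the Microsoft Threat Modeling Tool and not material from the
presentation. The elements, trust zones and flows are a constructed diagram;
the element-to-STRIDE chart is the STRIDE-per-element mapping used in the SDL.
"""
from dataclasses import dataclass
from typing import Dict, List

# STRIDE categories that apply to each DFD element type.
STRIDE_PER_ELEMENT: Dict[str, str] = {
    "external": "SR",       # external entity
    "process": "STRIDE",
    "store": "TRID",        # data store (R mainly when it holds logs; kept for completeness)
    "flow": "TID",          # data flow
}
CATEGORY: Dict[str, str] = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Escalation of Privilege",
}
# The property each category attacks; the mitigation is the control that restores it.
PROPERTY: Dict[str, str] = {
    "S": "authentication", "T": "integrity", "R": "non-repudiation",
    "I": "confidentiality", "D": "availability", "E": "authorization",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone; a flow between different zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    name: str
    source: Element
    dest: Element


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    property: str
    crosses_boundary: bool


def crosses_boundary(flow: Flow) -> bool:
    return flow.source.zone != flow.dest.zone


def enumerate_threats(elements: List[Element], flows: List[Flow]) -> List[Threat]:
    """Threat enumeration: one candidate threat per applicable STRIDE category
    for every element and flow in the diagram."""
    threats: List[Threat] = []
    for e in elements:
        for c in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, CATEGORY[c], PROPERTY[c], False))
    for f in flows:
        crossing = crosses_boundary(f)
        for c in STRIDE_PER_ELEMENT["flow"]:
            threats.append(Threat(f.name, CATEGORY[c], PROPERTY[c], crossing))
    return threats


def prioritized(threats: List[Threat]) -> List[Threat]:
    """'Focus on trust boundaries': threats on boundary-crossing flows come first."""
    return [t for t in threats if t.crosses_boundary]


def unmodeled(elements: List[Element], flows: List[Flow], threats: List[Threat]) -> List[str]:
    """Validation: every element and flow must have at least one threat recorded."""
    covered = {t.element for t in threats}
    return [x.name for x in [*elements, *flows] if x.name not in covered]


# Constructed diagram: a browser talking to a web tier that calls an internal API.
BROWSER = Element("Browser", "external", "internet")
WEB = Element("Web App", "process", "dmz")
API = Element("Order API", "process", "internal")
DB = Element("Customer DB", "store", "internal")
ELEMENTS = [BROWSER, WEB, API, DB]
FLOWS = [
    Flow("HTTPS request", BROWSER, WEB),
    Flow("REST call", WEB, API),
    Flow("SQL query", API, DB),
]

if __name__ == "__main__":
    found = enumerate_threats(ELEMENTS, FLOWS)
    print(len(found), "candidate threats,", len(prioritized(found)), "on trust-boundary crossings")
    for t in prioritized(found):
        print(f"  {t.element}: {t.category} -> needs {t.property}")
    print("unmodeled:", unmodeled(ELEMENTS, FLOWS, found))
```

Each record is a candidate, not a confirmed threat; the team exercise on slide 22 is where each one is accepted with a mitigation, or rejected with a reason, and the output of `unmodeled` is the completeness check the validation step asks for.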
25. Customizing the threat table
(Microsoft, Introducing Microsoft Threat Modeling Tool, 2016)

26. Critical Security Controls
 CSC 2: Inventory of Authorized and Unauthorized Software.
 CSC 4: Continuous Vulnerability Assessment and Remediation.
 CSC 18: Application Software Security.
 CSC 20: Penetration Tests and Red Team Exercises (in a mature control environment)

27. Asset Characterization
Excerpt from System Characterization Worksheet, available under Creative Commons license at http://www.redcedarnet.com/p/blog-page.html

28. Asset list or database (impacts per asset)
Asset            | Confidentiality Impact | Integrity Impact | Availability Impact | Has Exposure X | Has Exposure Y | Inherent Risk | Control Strength | Overall Score | Residual Risk
LOB App1         | $1M                    | $200K            | $500K               | Y              | Y              | 100           | 4                | 25            |
Customer Svc App | $800K                  | $100K            | $80K                | N              | Y              | 45            | 3                | 15            |

30. Risk, impact, likelihood, recommendation
Risk: History of poor coding practices. While patches are available to address known vulnerabilities in the currently installed application version, the application vendor, SoftCorp, has had a history of severe vulnerabilities recurring in multiple products and has sometimes taken up to a year to address reported vulnerabilities.
Impact: The application processes thousands of records daily and stores approximately 1.2 million unique data records. Unauthorized disclosure of this data could lead to costs in excess of risk appetite related to: communication to regulators and customers, investigations, emergency remediation activities, enhanced regulatory scrutiny.
Likelihood: Currently known and previously patched vulnerabilities have been susceptible to exploitation by attackers possessing minimal skill or resources and only external connectivity.
Recommendation:
 1. Apply available patches.
 2. Deploy a Web Application Firewall between users and the application server.
 3. Evaluate the feasibility of migrating to other available products.
Management Response:
31. Quantifying Risk
 Granularity?
    Percentage of similar organizations experiencing a breach
    Detailed analysis of likelihood impacting a given exposure
       Control Strength
       Threat Capability
       Loss Event Frequency
 What is the event / scenario?

32. Loss Magnitude
 Direct costs due to loss of integrity
 Direct costs due to unavailability
 Don’t ask about confidentiality, ask about factors that allow you to calculate it as the expert:
    Number of unique data records holding PII/NPII/PHI
    Number of financial transactions processed by the application daily / monthly
    Dollar value of financial transactions processed by the application if any, daily / monthly

33. Factor in additional costs
 Direct:
    Investigating
    Remediating
    Communicating
    Credit monitoring
 Indirect:
    Regulatory
    Legal
    Opportunity
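Slides 28 and 31 to 33 together describe one calculation: a relative score per asset (inherent risk divided by control strength, which is the arithmetic behind the 25 and 15 in the asset list), a loss event frequency built from threat event frequency and the share of threat events whose capability exceeds control strength, and a loss magnitude built from the factors the business can actually answer (record counts, direct and indirect cost items) rather than from a guessed confidentiality impact. The block below, added here and not part of the presentation, carries that through for the slide 30 scenario so that "apply patches and deploy a WAF" can be compared against the risk appetite on one scale. Only the 1.2 million record count and the score arithmetic come from the slides; the per-record cost, the threat capability percentiles, the attempts per year and the risk appetite are constructed assumptions.

```python
"""Risk quantification helpers for the asset list (slide 28) and the loss
event frequency / loss magnitude factors (slides 31-33).

Added example, not from the presentation. The per-record cost, the threat
capability samples, the threat event frequency and the risk appetite are
constructed assumptions; only the 1.2 million record count and the
inherent-risk / control-strength arithmetic come from the slides.
"""
from dataclasses import dataclass
from typing import Dict, Sequence


def overall_score(inherent_risk: float, control_strength: float) -> float:
    """Relative ranking column of the asset list: inherent risk divided by
    control strength (reproduces 100 / 4 = 25 and 45 / 3 = 15)."""
    if control_strength <= 0:
        raise ValueError("control strength must be positive")
    return inherent_risk / control_strength


@dataclass
class LossFactors:
    """The questions to ask the business instead of 'what is the confidentiality
    impact?' (slide 32), plus the additional cost items of slide 33."""
    pii_records: int
    cost_per_record: float          # assumption: notification and credit monitoring per record
    integrity_direct: float         # direct costs due to loss of integrity
    availability_direct: float      # direct costs due to unavailability
    investigation: float = 0.0      # additional direct costs
    remediation: float = 0.0
    communication: float = 0.0
    regulatory: float = 0.0         # indirect costs
    legal: float = 0.0
    opportunity: float = 0.0


def loss_magnitude(f: LossFactors) -> Dict[str, float]:
    confidentiality = f.pii_records * f.cost_per_record
    direct = (confidentiality + f.integrity_direct + f.availability_direct
              + f.investigation + f.remediation + f.communication)
    indirect = f.regulatory + f.legal + f.opportunity
    return {"confidentiality": confidentiality, "direct": direct,
            "indirect": indirect, "total": direct + indirect}


def vulnerability(threat_capability: Sequence[float], control_strength: float) -> float:
    """Share of threat events whose capability exceeds control strength, with
    both expressed as percentiles on the same 0-100 scale."""
    return sum(1 for c in threat_capability if c > control_strength) / len(threat_capability)


def loss_event_frequency(threat_event_frequency: float, vuln: float) -> float:
    """Loss events per year = attempts per year x share of attempts that succeed."""
    return threat_event_frequency * vuln


def annualized_loss(lef: float, magnitude: float) -> float:
    return lef * magnitude


# Constructed scenario for the slide 30 application (1.2 million records).
SCENARIO = LossFactors(pii_records=1_200_000, cost_per_record=5.0,
                       integrity_direct=200_000, availability_direct=500_000,
                       investigation=150_000, remediation=250_000, communication=100_000,
                       regulatory=400_000, legal=600_000, opportunity=500_000)
# Assumed capability percentiles of the attackers in the scenario (slide 30:
# minimal skill or resources, external connectivity only).
THREAT_CAPABILITY = [30, 45, 55, 60, 70, 80, 85, 90, 95, 99]
THREAT_EVENT_FREQUENCY = 4.0     # assumed attempts per year
RISK_APPETITE = 5_000_000.0      # assumed annual loss the organization will tolerate


def assess(control_strength: float) -> Dict[str, float]:
    """Annualized loss for a given control strength, so mitigation options
    (patching, a WAF, migration) can be compared on the same scale."""
    vuln = vulnerability(THREAT_CAPABILITY, control_strength)
    lef = loss_event_frequency(THREAT_EVENT_FREQUENCY, vuln)
    ale = annualized_loss(lef, loss_magnitude(SCENARIO)["total"])
    return {"vulnerability": vuln, "lef": lef, "ale": ale,
            "within_appetite": ale <= RISK_APPETITE}


if __name__ == "__main__":
    for label, cs in (("as-is", 75), ("patched + WAF", 92)):
        print(label, assess(cs))
```

With these constructed inputs the annualized loss stays above the appetite even after patching and a WAF raise control strength, which is what turns recommendation 3 on slide 30 (evaluate migration) from an opinion into a number management can respond to; the disclaimer on slide 5 still applies, since every input here is an estimate.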
34. Insider Threat
 SEI CERT has a database cataloging more than 700 cases of malicious insider activity.*
 Methods vary between cases involving technical staff and those that don’t.
 Our threat models and controls need to address both

35. Who uses or recommends threat modeling?
 Microsoft
 Apple (Apple, 2014)
 EMC (Dhillon, 2011)
 VMware
 Oracle (Oracle, 2014)
 Mitre Corporation (MITRE, 2011)
 India (Microsoft 2012)
 Are you studying for the CSSLP? (ISC2, 2013)

36. Is it secure enough?
37–41. References
Apple. Risk Assessment and Threat Modeling. Retrieved 23 June 2014, from https://developer.apple.com/library/mac/documentation/security/conceptual/security_overview/ThreatModeling/ThreatModeling.html#//apple_ref/doc/uid/TP40002495-SW5
BITS / The Financial Services Roundtable. (2011). Software Assurance Framework. http://www.bits.org/publications/security/BITSSoftwareAssurance0112.pdf
Brenneman, D. Improving Software Security by Identifying and Securing Paths Linking Attack Surfaces to Attack Targets. McCabe Software. Retrieved 9 June 2014, from http://www.mccabe.com/pdf/Identifying%20and%20Securing%20Paths%20Linking%20Attack%20Surfaces%20to%20Attack%20Targets.pdf
BSIMM. Building Security In Maturity Model. Retrieved 24 June 2014, from http://www.bsimm.com/online/ssdl/aa/
Department of Homeland Security. (2010). DHS Risk Lexicon. http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf
Dhillon, D. (2011). Developer-Driven Threat Modeling. IEEE Security & Privacy. http://www.infoq.com/articles/developer-driven-threat-modeling
Dougherty, C., Sayre, K., Seacord, R., Svoboda, D., Togashi, K. (October 2009). Secure Design Patterns. Technical Report CMU/SEI-2009-TR-010. Carnegie Mellon University Software Engineering Institute. http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=9115
Hafiz, M. Security Pattern Catalog. Retrieved 13 June 2014, from http://www.munawarhafiz.com/securitypatterncatalog/index.php
Howard, M., Pincus, J., & Wing, J. (2003). Measuring Relative Attack Surfaces. http://www.cs.cmu.edu/~wing/publications/Howard-Wing03.pdf
ISC2. (2013). Certified Secure Software Lifecycle Professional. April 2013. https://www.isc2.org/csslp/default.aspx
McGraw, G. (2006). Software Security: Building Security In. Addison-Wesley. ISBN-10: 0321356705
Microsoft Corporation. Benefits of the SDL. Retrieved 20 June 2014, from http://www.microsoft.com/security/sdl/about/benefits.aspx
Microsoft Corporation. (2012). Government of India Embraces Secure Application Development. http://www.microsoft.com/en-us/download/confirmation.aspx?id=29857
Microsoft Corporation. (2014). Introducing Microsoft Threat Modeling Tool 2014. Retrieved 23 June 2014, from http://blogs.msdn.com/b/sdl/archive/2014/04/15/introducing-microsoft-threat-modeling-tool-2014.aspx
Microsoft Corporation. SDL Process: Design. Retrieved 24 June 2014, from http://www.microsoft.com/security/sdl/process/design.aspx
Microsoft Corporation. (2010). Simplified Implementation of the Microsoft SDL. http://www.microsoft.com/en-us/download/details.aspx?id=12379&751be11f-ede8-5a0c-058c-2ee190a24fa6=True
MITRE Corporation. (2014). Common Attack Pattern Enumeration and Classification. Retrieved 6 June 2014, from http://capec.mitre.org/
MITRE Corporation. (2011). Threat Assessment and Remediation Analysis (TARA). http://www.mitre.org/publications/technical-papers/threat-assessment--remediation-analysis-tara
The Open Group. (2009). Risk Taxonomy. https://www2.opengroup.org/ogsys/catalog/C13K
Schneier, B. (1999). Attack Trees. Schneier on Security. Retrieved 13 June 2014, from https://www.schneier.com/paper-attacktrees-ddj-ft.html
Scott, J. & Kazman, R. (2009). Realizing and Refining Architectural Tactics: Availability. http://www.sei.cmu.edu/reports/09tr006.pdf
Security Architecture Patterns. In Open Security Architecture. Retrieved 13 June 2014, from http://www.opensecurityarchitecture.org/cms/library/patternlandscape
Shostack, A. (2008). Experiences Threat Modeling at Microsoft. http://blogs.msdn.com/b/sdl/archive/2008/10/08/experiences-threat-modeling-at-microsoft.aspx
Singhal, A. & Ou, X. (2011). Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs. National Institute of Standards and Technology Interagency Report 7788. http://csrc.nist.gov/publications/nistir/ir7788/NISTIR-7788.pdf