SensePost Threat Modeling
Metricon 6, a Usenix Workshop
Agenda
- Introduction: What is TM, Why TM, Our goals with CTM
- Methodology: Entities & Mapping, Modeling, Risk Calculation & Permutations, Analysis, Scenario Modeling
- Brief Comparisons
About Me
Dominic White, @singe, http://singe.za.net/
Work:
Research: MSc in Security
Interests in Privacy, Defensive Tech & Security Management
1. Introduction: What is TM, Why TM, Design Goals
What is Modeling?
A model in science is a physical, mathematical, or logical representation of a system of entities, phenomena, or processes.
Basically, a model is a simplified abstract view of a complex reality:
- Breadth over depth
- Represents criteria specific to the analysis
What is Threat Modeling?
A threat model is: "A systematic, non-provable, internally consistent method of modeling a system, enumerating risks against it, and prioritising them."
Key properties: Systematic, Non-Provable, Internally Consistent, System Model, Risk Enumeration, Prioritisation
Escaping the Detail Trade Off
Why Threat Model?
Usual drivers of controls:
- Audit reports. Prioritises: financial systems, audit house priorities, auditor skills, rotation plan, known systems
- Vendor marketing. Prioritises: new problems, overinflated problems, product as solution
- New attacks. Prioritises: popular vulnerability research, complex attacks
- Individual experience. Prioritises: past experience, new systems, individual motives
Why Threat Model?
Threat modeling provides:
- All (most) information security risks: systematic enumeration of risks
- Prioritisation of risks: puts known risks in their place & compares new risks
- Justification: no appeal to expert authority
- Decision making: scenario modeling to test decisions
- Education: can involve the whole team
SensePost CTM Design Goals
- Developed for a consultative role, i.e. likely not the person making the changes
- Focus is on providing decision-making information
- Rapid initial model creation
- Hybrid approach: a bit of all the others; some parts we just threw out
- Highly flexible initially, due to uncertainty; increasingly less so
- Detailed & aggregated results
- Includes a test plan for verification
2.1 Methodology: Entities & Mappings
Entity Overview
- Locations: controls
- Users: enforceable trust
- Interfaces: method of system access, asset value
- Attacks: likelihood, damage
- Tests: certainty, relevance
Locations
- Represent the trust (controls) of a location
- Interfaces are exposed at locations
- Users are present at locations
- Three types:
  - Physical: data centers, head office, remote sites
  - Network: Internet, DMZ, server network, user network
  - Logical / Functional (new): represent controls within authorisation levels, e.g. administrative, authenticated, unauthenticated access
Users
- Enforceable trust of a user group, i.e. contractual or controlled trust, not gut feel
- Users are mapped to locations
- Interfaces are exposed to users via locations
- Example general groups:
  - Anonymous: unidentified or unauthenticated users
  - External users: suppliers, contractors
  - Internal employees: application users, administrators, call center
Interfaces
- Methods of interacting with a system or asset; they are the things an attacker could compromise
- Expose the value of the asset
  - Interfaces to the same system have a consistent value
  - Value can be set from existing system criticality ratings
- Types:
  - Physical: console access, hardware
  - Network: Remote Desktop, SSH, NTP
  - Functional (new): represent access to data & functionality within an authorisation role, e.g. administrative access, approve transaction
Mapping Users to Locations
- Users are present at certain locations
- Many-to-many mapping
- Both are a representation of controls: "Company founder in the Mission Impossible room" vs. "Unknown outsider on the Internet"
- Location type mappings:
  - Physical: users who can be physically present
  - Network: users who can access the network
  - Logical: users who have been granted, or have, authorisation
Mapping Interfaces to Locations
- Interfaces are present at certain locations
- Many-to-many mapping
- Constraints:
  - Physical interfaces are only mapped to physical locations, e.g. Physical Server in Data Centre A
  - Technical interfaces are only mapped to network locations, e.g. Remote Desktop in Internal Network
  - Functional interfaces are only mapped to functional locations, e.g. Execute Trade in Broker Role
Attacks
- An attack is performed on an interface to expose some of its value
- Likelihood is based on factors specific to the attack
  - Excludes the trust of users, or controls in place
  - General likelihood is defined per attack, but made specific when mapped
  - Popularity, ease of discovery/exploitation, prevalence (DREAD)
- Initial work into using external attack metrics:
  - VERIS: best mapping, sometimes non-discrete
  - CWE: too detailed, vulnerability specific, no "abuse of privilege"
  - STRIDE: not specific enough
- Impact is the worst-case scenario: defines how much of the interface value would be affected (damage)
- Originally named "risks"
Mapping Attacks to Interfaces
- Attacks are performed against interfaces
- Many-to-one mapping
- Likelihood & impact are made specific per mapping
  - System CIA should be considered, e.g. theft of e-mail may be more damaging to the CEO than the gardener
  - "Could this attack lead to a full compromise of the system?"
- Examples:
  - Physical theft of the Physical Server
  - Password bruteforce against the Outlook Web Access web front-end
  - Abuse of privilege of the Administrator Role
Tests
- Validate permutations of threat vector combinations
- Can be any type of test that provides more information: technical test, research, policy work
- Different tests provide a different level of certainty: proved / disproved
- Can be granularly mapped against a specific entity or combination of entities
2.2 Methodology: Modeling (How-to, System Template, Guidelines)
Modeling: A How-To
- Data gathering: collect as much information about the environment as you can. Network diagrams, key system documentation, existing risk/criticality analysis, past audit reports
- Interview: ideally, find a tech generalist with a good overview, then get specific; a large company's knowledge is more distributed. Look to validate statements across interviews. Get multiple "views" on criticality
- Testing: light testing to validate claims, e.g. basic network footprinting or application use
- Passive collection: look for problems that should come out in the TM, e.g. if they have regular & damaging virus outbreaks and the TM disagrees ...
System Template
- <Name> | <Description>
- AA: Authentication Source, Authorization
- Integration: Source, Destination
- Criticality (include overall rating, individual ratings & reasons): Confidentiality, Integrity, Availability, Possession, Authenticity, Utility
- Locations: Physical, Network, Functional (controls)
- Interfaces (include number & locations): Physical, Network, Functional (access)
- Users (include number & locations): Admins, Users, Support
Process
- Identify unique entities from completed system templates and general documentation; reconcile if there are differences
- Identify shared infrastructure & create new systems for it
- Map users & interfaces to locations
- Linked systems:
  - An application's functional interfaces should be mapped to its infrastructure's functional locations
  - For integrated systems, map functional interfaces to locations depending on access (push vs. pull vs. full)
Modeling Gotchas
- Keep everything equally specific: summarise when there is no meaningful security difference
- Don't create interfaces per system for shared infrastructure
- Don't represent risks more than once, e.g. don't map two interfaces to the same system to the same location unless they are different "paths"; e.g. administrator access implies "normal" access
- Avoid catch-all systems such as "users' computers"; rather model them as interfaces to the relevant areas
- 2-tier vs. 3-tier applications have different access from the application to the DB & vice versa
2.3 Methodology: Calculations & Permutations
Entity Relationship (diagram; only the edge labels survive): present at, available at, performed at, performed on, performed by
Permutations (diagram example): Administrators, Exchange MAPI, Head Office, Remote MAPI Exploit, Anonymous
Risk Equation
- Understand concepts in relation to each other
- Discrete: individually necessary, collectively sufficient
- risk = threat x vulnerability x impact
- Disclaimer: Σ, the International Sign for "Stop Reading Here"
Input Values
The tool gives us the following inputs:
- User trust
- Location trust (controls)
- Interface value
- Attack likelihood
- Attack impact
But, complete freedom in defining how they are mashed up.
Likelihood
risk = threat x vulnerability x impact
likelihood = threat x vulnerability
risk = likelihood x impact
Risk Equation Used
risk = applied likelihood + value at risk
applied likelihood = attack likelihood (reduced by) user trust + location trust
value at risk = value of asset (reduced by) amount of asset exposed by attack
Risk Equation
- [6 minus]: ratings are out of 5 & denote a positive trust value; we want the "distrust" value
- [multiply 0.2]: we want the trust & impact to moderate the likelihood & value
- [divide by 2]: we take an average of user & location trust (equally weighted)
2.4 Methodology: Analysis
Threat Model Dashboard
Takes every permutation & provides analysis graphs & a risk curve. Provides three things:
- Risk curve: one view to rule them all
- Analysis graphs: slice & dice
- Detailed risk searching / pivot table: zoom
Risk Curve
- The challenge was to provide a management view
- A single number loses too much context
- Frequency graph of the number of "risks" per severity level
Analysis Graphs
- "Digital" version of the risk curve, with the ability to show risks per entity type
- Can view per "perspective": physical, technical, functional
- Can zoom into showing only risks relating to a specific system
- Can look at "pivot" risks, i.e. attacks available to someone once they have compromised a system
Analysis Graphs Examples (graph slides):
- All Perspectives, by Attack
- All Perspectives, by Interfaces
- All Perspectives, by Users
- All Perspectives, by Locations
- Technical Perspectives, by Attack
- Functional attacks from Active Directory
2.5 Methodology: Scenario Modeling
Scenario modeling walkthrough (graph slides):
- Area Under Review
- Risk Frequency
- Cumulative Risk per Location
- Cumulative Risk per Threat
- Suggested Change
- Resulting Risk Frequency
- Resulting Risk per Location
- Recommended Change
- Resulting Risk Frequency
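An added worked example, not SensePost's tool or code, pulling together the permutation enumeration and risk equation of 2.3, the risk curve of 2.4 and the "suggested change, resulting risk frequency" comparison of 2.5. The exact form of the equation is my reading of the slide's [6 minus] / [multiply 0.2] / [divide by 2] notes and is an assumption; the entities, ratings and mappings are constructed sample data in the spirit of the deck's Exchange examples.

```python
"""Added example (not SensePost's own tool code): a minimal CTM-style
permutation enumerator, risk curve and scenario comparison.

Assumed reading of the slide's risk equation (every rating is 1..5):
  distrust(t)        = 6 - t                                    [6 minus]
  applied_likelihood = attack_likelihood * 0.2
                       * (distrust(user_trust) + distrust(location_trust)) / 2
  value_at_risk      = interface_value * 0.2 * impact           [multiply 0.2]
  risk               = applied_likelihood + value_at_risk       (range 0.4 .. 10)
The entities, ratings and mappings below are constructed sample data,
not a real client model.
"""
from __future__ import annotations

import math
from collections import Counter
from dataclasses import dataclass, replace
from itertools import product


@dataclass(frozen=True)
class Model:
    users: dict[str, int]          # user group -> enforceable trust (1..5)
    locations: dict[str, int]      # location   -> control trust (1..5)
    interfaces: dict[str, int]     # interface  -> asset value (1..5)
    attacks: dict[str, tuple[str, int, int]]  # attack -> (interface, likelihood, impact)
    user_at: frozenset[tuple[str, str]]       # (user, location): "present at"
    iface_at: frozenset[tuple[str, str]]      # (interface, location): "available at"


def distrust(trust: int) -> int:
    """Ratings are positive trust out of 5; the equation wants the distrust value."""
    return 6 - trust


def risk(attack_likelihood: int, user_trust: int, location_trust: int,
         interface_value: int, impact: int) -> float:
    """Assumed CTM equation: likelihood moderated by averaged user/location
    distrust, plus the share of the asset's value the attack exposes."""
    applied_likelihood = (attack_likelihood * 0.2
                          * (distrust(user_trust) + distrust(location_trust)) / 2)
    value_at_risk = interface_value * 0.2 * impact
    return round(applied_likelihood + value_at_risk, 6)


def permutations(m: Model) -> list[tuple[str, str, str, str, float]]:
    """Every (user, location, interface, attack, risk) the mappings allow: the
    attack targets the interface, the interface is available at the location,
    and the user group is present at that same location."""
    out = []
    for attack, (iface, likelihood, impact) in m.attacks.items():
        for (i, loc), (u, uloc) in product(m.iface_at, m.user_at):
            if i == iface and loc == uloc:
                r = risk(likelihood, m.users[u], m.locations[loc], m.interfaces[iface], impact)
                out.append((u, loc, iface, attack, r))
    return sorted(out)


def severity(r: float) -> int:
    """Bucket a risk score (0.4..10) into severity bands 1..5 (assumed banding)."""
    return min(5, max(1, math.ceil(r / 2)))


def risk_curve(m: Model) -> dict[int, int]:
    """The deck's 'risk curve': number of permutations per severity band."""
    return dict(sorted(Counter(severity(p[4]) for p in permutations(m)).items()))


def cumulative_risk_per_location(m: Model) -> dict[str, float]:
    """The deck's 'cumulative risk per location' view."""
    totals: Counter = Counter()
    for _, loc, _, _, r in permutations(m):
        totals[loc] += r
    return {loc: round(v, 6) for loc, v in sorted(totals.items())}


def with_attack_likelihood(m: Model, attack: str, likelihood: int) -> Model:
    """Scenario modeling: a copy of the model with one attack re-rated, e.g.
    after a proposed control lowers how likely the attack is to succeed."""
    iface, _, impact = m.attacks[attack]
    return replace(m, attacks={**m.attacks, attack: (iface, likelihood, impact)})


# Constructed sample model (names follow the deck's Exchange examples).
SAMPLE = Model(
    users={"Anonymous": 1, "Internal Employees": 3, "Administrators": 5},
    locations={"Internet": 1, "Head Office": 4, "Data Centre": 5},
    interfaces={"Exchange MAPI": 4, "Outlook Web Access": 4, "Exchange Physical Server": 4},
    attacks={
        "Remote MAPI Exploit": ("Exchange MAPI", 2, 5),
        "OWA Password Bruteforce": ("Outlook Web Access", 4, 3),
        "Physical Theft of Server": ("Exchange Physical Server", 1, 5),
    },
    user_at=frozenset({("Anonymous", "Internet"), ("Internal Employees", "Head Office"),
                       ("Administrators", "Head Office"), ("Administrators", "Data Centre")}),
    iface_at=frozenset({("Exchange MAPI", "Head Office"), ("Outlook Web Access", "Internet"),
                        ("Outlook Web Access", "Head Office"),
                        ("Exchange Physical Server", "Data Centre")}),
)

if __name__ == "__main__":
    for p in permutations(SAMPLE):
        print(p)
    print("risk curve:", risk_curve(SAMPLE))
    print("per location:", cumulative_risk_per_location(SAMPLE))
    # Scenario: an account lockout control makes the OWA bruteforce less likely (4 -> 2).
    print("after lockout:", risk_curve(with_attack_likelihood(SAMPLE, "OWA Password Bruteforce", 2)))
```

Running it shows the curve shifting from {2: 1, 3: 4, 4: 1} to {2: 2, 3: 4} for the scenario, the same before/after comparison the deck's "Suggested Change" slides make graphically.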
Future Work
- Tool re-write: aiming for cross platform, enforcing certain design constraints (e.g. physical <-> physical mappings only), macro'ing time-consuming tasks
- Adding population size: permutations favour specificity, e.g. if you define multiple user groups for one application & not another, the first app has more risks
- Refining the risk equation: equal consideration of user & location trust may need refining; normalise across physical, network & functional "views"
- Refining modeling bounding as results are tested

SensePost
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) Pwnage
SensePost
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get Hacked
SensePost
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application Hacking
SensePost
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorism
SensePost
 
Major global information security trends - a summary
Major global information security trends - a  summaryMajor global information security trends - a  summary
Major global information security trends - a summary
SensePost
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and Defences
SensePost
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2
SensePost
 

More from SensePost (20)

objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile exploration
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based Application
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana Attacks
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed Overview
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tat
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation Systems
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented Defence
 
Threats to machine clouds
Threats to machine cloudsThreats to machine clouds
Threats to machine clouds
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating System
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) Pwnage
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get Hacked
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application Hacking
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorism
 
Major global information security trends - a summary
Major global information security trends - a  summaryMajor global information security trends - a  summary
Major global information security trends - a summary
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and Defences
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2
 

Recently uploaded

Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
HarpalGohil4
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 

Recently uploaded (20)

Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 

SensePost Threat Modelling

  • 1. Metricon 6, a Usenix Workshop SensePost Threat Modeling
  • 2. Agenda Introduction What is TM Why TM Our goals with CTM Methodology Entities & Mapping Modeling Risk Calculation & Permutations Analysis Scenario Modeling Brief Comparisons
  • 3. Dominic White @singe http://singe.za.net/ Work: Research: MSc in Security Interests in Privacy, Defensive Tech & Security Management About Me
  • 4. Introduction What is TM Why TM Design Goals 1
  • 5. A model in science is a physical, mathematical, or logical representation of a system of entities, phenomena, or processes. Basically a model is a simplified abstract view of the complex reality Breadth over depth Represents criteria specific to analysis What is Modeling?
  • 6. A threat model is: “A systematic, non-provable, internally consistent method of modeling a system, enumerating risks against it, and prioritising them.” Systematic Non-Provable Internally Consistent System Model Risk Enumeration Prioritisation What is Threat Modeling?
  • 8. Usual Drivers of Controls Audit reports Prioritises: financial systems, audit house priorities, auditor skills, rotation plan, known systems Vendor marketing Prioritises: new problems, overinflated problems, product as solution New Attacks Prioritises: popular vulnerability research, complex attacks Individual Experience Prioritises: past experience, new systems, individual motives Why Threat Model?
  • 9. Threat Modeling provides: All (most) information security risks systematic enumeration of risks Prioritisation of risks puts known risks in their place & compares new risks Justification no appeal to expert authority Decision Making scenario modeling to test decisions Education Can involve whole team Why Threat Model?
  • 10. Developed for consultative role i.e. likely not the person making the changes Focus is on: Providing decision making information Rapid initial model creation Hybrid approach Bit of all the others Some parts we just threw out Highly flexible Initially, due to uncertainty, increasingly less so Detailed & aggregated results Includes test plan for verification SensePost CTM Design Goals
  • 11. Methodology Entities & Mappings 2.1
  • 12. Entity Overview: Locations (controls); Users (enforceable trust); Interfaces (method of system access, asset value); Attacks (likelihood, damage); Tests (certainty, relevance)
  • 13. Represent the trust (controls) of a location Interfaces are exposed at locations Users are present at locations Three types: Physical Data centers, Head Office, Remote Sites Network Internet, DMZ, Server Network, User Network Logical / Functional (new) Represent controls within authorisation levels Administrative, authenticated, unauthenticated access Locations
  • 14. Enforceable trust of user group i.e. contractual or controlled trust, not gut feel Users are mapped to locations Interfaces are exposed to users via locations Example general groups: Anonymous unidentified or unauthenticated users External Users suppliers, contractors Internal Employees application users, administrators, call center Users
  • 15. Methods of interacting with a system or asset They are things an attacker could compromise Exposes the value of asset Interfaces to the same system have a consistent value Value can be set to existing system criticality ratings Types Physical Console Access, Hardware Network Remote Desktop, SSH, NTP Functional (new) Represent access to data & functionality within an authorisation role Administrative Access, Approve Transaction Interfaces
  • 16. Users are present at certain locations Many to Many mapping Both are a representation of controls “Company founder in the mission impossible room” vs. “Unknown Outsider on the Internet” Location type mappings Physical – users who can be physically present Network – users who can access the network Logical – users who have been granted, or have authorisation Mapping Users to Locations
  • 17. Interfaces are present at certain locations Many to Many mapping Constraints Physical interfaces only mapped to physical locations Physical Server in Data Centre A Technical interfaces only mapped to network locations Remote Desktop in Internal Network Functionality interfaces only to functional locations Execute Trade in Broken Role Mapping Interfaces to Locations
  • 18. Attacks An attack is performed on an interface to expose some of its value Likelihood is based on factors specific to the attack Excludes trust of users, or controls in place General likelihood defined per attack, but made specific when mapped Popularity, ease of discovery/exploitation, prevalence (DREAD) Initial work into using external attack metrics VERIS – best mapping, sometimes non-discrete CWE – too detailed, vulnerability specific, no “abuse of privilege” STRIDE – not specific enough Impact is the worst case scenario Defines how much of interface value would be affected (damage) Originally named “risks”
  • 19. Attacks are performed against interfaces Many to one mapping Likelihood & Impact made specific per mapping System CIA should be considered e.g. theft of e-mail may be more damaging to the CEO than the gardener “Could this attack lead to a full compromise of the system?” Examples Physical theft of the Physical Server Password Bruteforce against Outlook Web Access Web Front-End Abuse of Privilege of the Administrator Role Mapping Attacks to Interfaces
  • 20. Validate permutations of threat vector combinations Can be any type of test that provides more information Technical test, research, policy work Different tests provide a different level of certainty, from Proved to Disproved Can be granularly mapped Against a specific entity or combination of entities Tests
  • 21. Methodology Modeling How-to System Template Guidelines 2.2
  • 22. Data Gathering Collect as much information about the environment as you can. Network diagrams, key system documentation, existing risk/criticality analysis, past audit reports Interview Ideally, find a tech generalist with a good overview, then get specific; in a large company knowledge is more distributed Look to validate statements across interviews Get multiple “views” on criticality Testing Light testing to validate claims e.g. basic network footprinting or application use Passive collection Look for problems that should come out in the TM e.g. if they have regular & damaging virus outbreaks and the TM disagrees … Modeling A How-To
  • 23. System Template: <Name> | <Description>; AA: Authentication Source, Authorization; Integration: Source, Destination; Criticality: include overall rating, individual ratings & reasons (Confidentiality, Integrity, Availability, Possession, Authenticity, Utility); Locations: Physical, Network, Functional (controls); Interfaces: include number & locations, Physical, Network, Functional (access); Users: include number & locations, Admins, Users, Support
  • 24. Identify unique entities from completed system templates and general documentation – reconcile if differences Identify shared infrastructure & create new systems for them Map users & interfaces to locations Linked systems An application's functional interfaces should be mapped to its infrastructure’s functional locations For integrated systems, map functional interfaces to locations depending on access (push vs. pull vs. full) Process
  • 25. Keep everything equally specific Summarise when no meaningful security difference Don’t create interfaces per-system for shared infrastructure Don’t represent risks more than once e.g. Don’t map two interfaces to the same system to the same location unless they are different “paths” e.g. administrator access implies “normal” access Avoid catch-all systems such as “user’s computers” rather model them as interfaces to relevant areas 2-tier vs. 3-tier applications have different access from the application to the DB & vice-versa Modeling Gotchas
  • 26. Methodology Calculations & Permutations 2.3
  • 27. Entity Relationship (diagram; edge labels): present at, available at, performed at, performed on, performed by
  • 28. Permutations (diagram; entity labels): Administrators, Exchange MAPI, Head Office, Remote MAPI Exploit, Anonymous
  • 29. Understand concepts in relation to each other Discrete Individually necessary Collectively sufficient risk = threat x vulnerability x impact Disclaimer: Σ – The International Sign for “Stop Reading Here” Risk Equation
  • 30. The tool gives us the following inputs User Trust Location Trust (controls) Interface Value Attack Likelihood Attack Impact But, complete freedom in defining how they are mashed up Input Values
  • 31. risk = threat x vulnerability x impact likelihood = threat x vulnerability risk = likelihood x impact Likelihood
  • 32. risk = applied likelihood + value at risk applied likelihood = attack likelihood (reduced by) user trust + location trust value at risk = value of asset (reduced by) amount of asset exposed by attack Risk Equation Used
  • 33. risk = ( AttackLikelihood × ((6 − UserTrust) + (6 − LocationTrust)) / 2 × 0.2 ) + ( InterfaceValue × Impact × 0.2 ) [6 minus] – Ratings are out of 5 & denote a positive trust value; we want the “distrust” value [multiply 0.2] – We want the trust & impact to moderate the likelihood & value [divide by 2] – We take an average of user & location trust (equally weighted) Risk Equation
  • 35. Takes every permutation & provides analysis graphs & a risk curve Provides three things Risk Curve One view to rule them all Analysis Graphs Slice & Dice Detailed risk searching/pivot table Zoom Threat Model Dashboard
  • 36. Challenge was to provide management view Single number loses too much context Frequency graph of number of “risks” per severity level Risk Curve
  • 37. “Digital” version of risk curve, with ability to show risks per entity type Can view per “perspective” physical, technical, functional Can zoom into showing only risks relating to a specific system Can look at “pivot” risks, i.e. attacks available to someone once they have compromised a system Analysis Graphs
  • 38. Analysis Graphs ExampleAll Perspectives, by Attack
  • 39. Analysis Graphs ExampleAll Perspectives, by Interfaces
  • 40. Analysis Graphs ExampleAll Perspectives, by Users
  • 41. Analysis Graphs ExampleAll Perspectives, by Locations
  • 42. Analysis Graphs ExampleTechnical Perspectives, by Attack
  • 43. Analysis Graphs ExampleFunctional attacks from Active Directory
  • 51. Resulting Risk per Location
  • 54. Tool re-write - aiming for cross platform enforcing certain design constraints e.g. physical <-> physical mappings only macro’ing time consuming tasks Adding population size Permutations favour specificity e.g. if you define multiple user groups for one application & not another, the first app has more risks Refining the risk equation Equal consideration of user & location trust may need refining Normalise across physical, network & functional “views” Refining modeling bounding as results are tested Future Work
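The entity types of slide 12, the mapping constraint of slide 17, the permutation enumeration of slides 27/28, the risk equation of slides 32/33 (written out in editor's note 11), the risk curve of slide 36 and the "pivot" view of slide 37, pulled together as one small Python model. This is an added example, not the SensePost tool or its code. The class and function names, the constructed Exchange sample data, and the reading of a pivot as a full compromise of the system (editor's note 3) are assumptions; dividing by 5 stands in for the slide's "multiply by 0.2" so the arithmetic stays exact.

```python
"""Toy CTM engine: entities, mappings, permutations, risk equation and risk curve.
Added example for this page, not the SensePost tool; all sample data is constructed."""
from collections import Counter, namedtuple
from dataclasses import dataclass

@dataclass(frozen=True)
class Location:
    name: str
    kind: str          # physical | network | functional
    trust: int         # 1..5: controls in place at this location
    system: str = ""   # functional locations belong to one system's authorisation level

@dataclass(frozen=True)
class User:
    name: str
    trust: int         # 1..5: enforceable (contractual/controlled) trust of the group

@dataclass(frozen=True)
class Interface:
    name: str
    system: str
    kind: str          # physical | network | functional
    value: int         # 1..5: consistent across every interface of one system

@dataclass(frozen=True)
class Attack:
    name: str
    likelihood: int    # 1..5: attack-specific, excludes user/location trust
    impact: int        # 1..5: how much of the interface value the attack exposes

Permutation = namedtuple("Permutation", "user location interface attack risk")

def mapping_allowed(interface, location):
    """Slide 17 constraint: physical<->physical, network<->network, functional<->functional."""
    return interface.kind == location.kind

def risk(attack, user, location, interface):
    """Slides 32/33: risk = applied likelihood + value at risk. Ratings are 1..5; '6 - trust'
    is distrust; user and location distrust are averaged; '/ 5' is the slide's 'x 0.2'."""
    distrust = ((6 - user.trust) + (6 - location.trust)) / 2
    applied_likelihood = attack.likelihood * distrust / 5
    value_at_risk = interface.value * attack.impact / 5
    return round(applied_likelihood + value_at_risk, 2)   # 2 dp for display only

class Model:
    def __init__(self):
        self.users_at = {}       # Location -> {User}       ("present at")
        self.interfaces_at = {}  # Location -> {Interface}  ("available at")
        self.attacks_on = {}     # Interface -> [Attack]    ("performed on")
    def place(self, user, location):
        self.users_at.setdefault(location, set()).add(user)
    def expose(self, interface, location):
        if not mapping_allowed(interface, location):
            raise ValueError(f"{interface.kind} interface {interface.name!r} cannot be mapped "
                             f"to {location.kind} location {location.name!r}")
        self.interfaces_at.setdefault(location, set()).add(interface)
    def threaten(self, interface, attack):
        self.attacks_on.setdefault(interface, []).append(attack)
    def permutations(self, users_at=None):
        """Slides 27/28: every (user at location) x (interface at location) x (attack on interface)."""
        users_at = self.users_at if users_at is None else users_at
        out = []
        for loc, users in users_at.items():
            for user in sorted(users, key=lambda u: u.name):
                for iface in sorted(self.interfaces_at.get(loc, ()), key=lambda i: i.name):
                    for atk in self.attacks_on.get(iface, ()):
                        out.append(Permutation(user, loc, iface, atk, risk(atk, user, loc, iface)))
        return out
    @staticmethod
    def risk_curve(perms):
        """Slide 36: count of permutations per severity level (risk rounded to a whole number)."""
        return dict(sorted(Counter(round(p.risk) for p in perms).items()))
    def pivot(self, attacker, system):
        """Slide 37 pivot risks. Assumption (editor's note 3): a compromised interface is a full
        compromise, so the attacker is now present at every functional location of that system."""
        users_at = {loc: {attacker} for loc in self.interfaces_at
                    if loc.kind == "functional" and loc.system == system}
        return self.permutations(users_at)

def build_sample_model():
    """Constructed sample: an Exchange system reachable from the Internet and the internal network."""
    internet = Location("Internet", "network", trust=1)
    internal = Location("Internal Network", "network", trust=3)
    exch_admin = Location("Exchange: Administrative role", "functional", trust=2, system="Exchange")
    anonymous, employees, admins = User("Anonymous", 1), User("Employees", 3), User("Administrators", 4)
    owa = Interface("Outlook Web Access", "Exchange", "network", value=4)
    mapi = Interface("MAPI", "Exchange", "network", value=4)
    admin_access = Interface("Exchange administrative access", "Exchange", "functional", value=4)
    m = Model()
    for user, loc in [(anonymous, internet), (employees, internal), (admins, internal), (admins, exch_admin)]:
        m.place(user, loc)
    for iface, loc in [(owa, internet), (owa, internal), (mapi, internal), (admin_access, exch_admin)]:
        m.expose(iface, loc)
    m.threaten(owa, Attack("Password bruteforce", likelihood=4, impact=3))
    m.threaten(mapi, Attack("Remote MAPI exploit", likelihood=2, impact=5))
    m.threaten(admin_access, Attack("Abuse of privilege", likelihood=3, impact=5))
    return m, anonymous

if __name__ == "__main__":
    model, anon = build_sample_model()
    print(model.risk_curve(model.permutations()), model.pivot(anon, "Exchange"))
```

With this sample the six permutations land between 4.4 and 6.4 on the 0 to 10 scale, with the anonymous bruteforce of OWA from the Internet on top, and the pivot shows that once Exchange is fully compromised the same anonymous attacker gets the "abuse of privilege" permutation at the administrative role location, scored with Anonymous' low user trust rather than the administrators'. Adding one more user group at the internal network would add one permutation per exposed interface and attack, which is the "permutations favour specificity" effect listed under Future Work.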

Editor's Notes

  1. Can we improve on qualitative risk assessments to provide a better view of how bad guys will attack you, and can we also extend the scope of what a pentest can achieve without extending the time? The CTM can also dictate a testing plan to make sure you test the “right” things, which would improve the accuracy; the testing plan should also allow a pentest to run faster as not everything is tested. The danger is that if you’ve made a bad assumption, the “find stuff we didn’t think of” aspect of the pentest could be lost.
  2. Other tools didn’t give us what we need. Either didn’t give metrics we needed, required a view external consultants couldn’t easily get, took too long or just weren’t great.
  3. The trust associated with a location is related to how much control we have over the actions performed by users in that organization. This can lead to some non-obvious scenarios at first glance. For example, administrative access has fewer controls by default than normal user access, and is hence less trusted. Specific technology to monitor and control admin access would increase this trust. The fact that administrators are more trusted would be represented on the user not the location. * Different applications part of the same system will get different logical *locations* and possibly different network interfaces, but not different functional interfaces (as locations represent control, interface represents a full compromise of a system) * Make sure all unauthenticated locations have a high level of trust, since you can't do anything on them (we assume)
  4. The trust afforded to a user should ideally be based on ability to monitor their actions, employee screening lengths, contractual remediations etc. For example, super users are generally considered more trusted, but quite frequently only because of the position and seniority they occupy, not for solid codified reasons.
  5. Interface values must be consistent throughout, unless an interface exposes much less value than the entire system. For example, if a system is critical to the business, and if the web application to access it only exposes a subset of functionality, it would still be possible to compromise that interface to provide full value and the less functionality can be represented by the likelihood and impact under risk. Even an NTP interface (especially if it runs as SYSTEM or an administrative user and has a history of buffer overflows) should mirror the value of the system.
  6. Removed reference to automated system locations
  7. <Name> - <Description>
     Locations #Places interfaces and users exist
       Physical #Physical places such as offices or data centers
       Network #Network locations such as internal net or DMZ
       Functional #Authorization levels within a system e.g. Administrative, Authenticated & Unauthenticated access. This represents the controls in place for members of this role.
     Interfaces #Means of accessing a system
       Physical #Physical means such as hardware, or the console
       Network #Electronic communication means such as RDP or NTP
       Functional #Authorization levels within a system e.g. Administrative, Authenticated & Unauthenticated access. This represents the functionality & data members with this role would have access to.
     Users #Actors utilizing systems or relevant to the threat model
       Admins #Administrators of the system, keep it specific to the system not supporting infrastructure
       Users #Normal users of the system
       Support #Who supports the system/application, are they different from the administrators
     AA #How authentication & authorization are handled
       Authentication Source #Where are usernames & passwords stored, and what is checked when a user logs in
       Authorization #How is access within the app managed e.g. externally via AD groups, or internal to the App
     Integration #How does it connect to other systems. Focus on attack paths
       Source #How does it receive data
       Destination #Where does it send it to
     Criticality #How important to the business is this system
       Confidentiality #How critical is keeping the data secret
       Integrity #How critical is keeping the data accurate
       Availability #How critical is the uptime
  8. Interlinking 1) e.g. an Oracle DBA may be able to access the administrative functionality of an app being hosted on it 2) Push, pull, full. If data is pushed from a system to another, then the source will have access to the destination and the destination’s functional interface will be exposed at the source’s functional location
  9. 2 vs. 3 tier: With 2-tier, if you access to the app, then you have DB access. 3-tier, access doesn’t imply DB access.
  10. But, measuring threat and vulnerability is somewhat difficult, so we measure likelihood.
  11. LaTeX to generate the equation: \left(AttackLikelihood \times \frac{(6-UserTrust)+(6-LocationTrust)}{2}\times 0.2 \right) + \left(InterfaceValue \times Impact \times 0.2\right) use at http://www.codecogs.com/latex/eqneditor.php