1. Create a diagram of the relevant processes, data stores, data flows, and external entities.
2. Apply the STRIDE methodology to systematically identify potential threats to each element in the diagram.
3. Mitigate the identified threats through techniques like redesigning to eliminate threats, applying standard security controls, or inventing new controls.
4. Validate that the threat modeling process was comprehensive by ensuring all elements and potential threats were considered, and that the proposed mitigations adequately address the threats.
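A minimal sketch of the four steps above, added here as an illustration and not taken from the presentation: it records a diagram as data, applies the commonly published STRIDE-per-element chart, and reports threats that still lack a mitigation. The sample system, its element names and the mitigation texts are constructed.

```python
"""STRIDE-per-element walk over a small data flow diagram (constructed sample)."""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Categories considered for each kind of diagram element
# (the usual STRIDE-per-element chart).
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",   # plus R when the store holds logs, see categories_for
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                 # one of the APPLICABLE keys
    holds_logs: bool = False  # only meaningful for data stores
    ends: tuple = ()          # (source, destination) for data flows


def categories_for(el):
    """STRIDE letters that apply to one element, in S-T-R-I-D-E order."""
    letters = APPLICABLE[el.kind]
    if el.kind == "data_store" and el.holds_logs:
        letters += "R"  # a log store can be attacked to enable repudiation
    return [c for c in "STRIDE" if c in letters]


def diagram_issues(elements):
    """Step 1 check: flows join known elements and nothing is left unconnected."""
    names = {e.name for e in elements if e.kind != "data_flow"}
    issues, touched = [], set()
    for flow in (e for e in elements if e.kind == "data_flow"):
        for end in flow.ends:
            if end in names:
                touched.add(end)
            else:
                issues.append(f"flow '{flow.name}' references unknown element '{end}'")
    issues += [f"'{n}' has no data flow" for n in sorted(names - touched)]
    return issues


def enumerate_threats(elements):
    """Step 2: one (element, category) pair per applicable STRIDE letter."""
    return [(e.name, c) for e in elements for c in categories_for(e)]


def unmitigated(threats, mitigations):
    """Step 4 check: every enumerated threat needs a non-empty mitigation."""
    return [t for t in threats if not mitigations.get(t, "").strip()]


# Constructed sample: a customer-facing web application with two stores.
MODEL = [
    Element("Customer", "external_entity"),
    Element("Web app", "process"),
    Element("Orders DB", "data_store"),
    Element("Audit log", "data_store", holds_logs=True),
    Element("HTTPS request", "data_flow", ends=("Customer", "Web app")),
    Element("SQL query", "data_flow", ends=("Web app", "Orders DB")),
    Element("Log write", "data_flow", ends=("Web app", "Audit log")),
]

# Step 3 output so far (constructed): mitigation text keyed by threat.
MITIGATIONS = {
    ("Customer", "S"): "Authenticate users before any order action",
    ("HTTPS request", "T"): "TLS on the listener",
    ("HTTPS request", "I"): "TLS on the listener",
    ("Orders DB", "T"): "",  # entry exists but is empty, so it stays open
}

if __name__ == "__main__":
    for issue in diagram_issues(MODEL):
        print("diagram:", issue)
    threats = enumerate_threats(MODEL)
    open_items = unmitigated(threats, MITIGATIONS)
    print(f"{len(threats)} threats enumerated, {len(open_items)} without a mitigation")
    for name, letter in open_items:
        print(f"  {name}: {STRIDE[letter]}")
```
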
This presentation is part of a talk I gave at the Microsoft .NET Bootcamp. The contents are slightly edited to share the information in the public domain. In this presentation, I covered the significance and all related theory of threat modeling and analysis. This presentation will be useful for software architects/managers, developers and QAs. Do share your feedback in the comments.
Threat modeling is a structured activity for identifying and managing the threats to objects (such as an application).
Threat modeling, also called Architectural Risk Analysis, is an essential step in the development of your application.
Without it, your protection is a shot in the dark.
2. Course Overview
• Introduction and Goals
• How to Threat Model
• The STRIDE per Element Approach to Threat Modeling
• Diagram Validation Rules of Thumb
• Exercise
• Demo
4. Terminology and Context
[Figure: threat modeling approaches placed by development stage (Requirements, Design, Design analysis) and by core people involved (Security Experts, All engineers); labeled approaches: SDL Threat Modeling, “Internet Engineering Task Force” (IETF) Threat Modeling]
5. Threat Modeling Basics
• Who?
– The bad guys will do a good job of it
– Maybe you will…your choice
• What?
– A repeatable process to find and address all threats to your product
• When?
– The earlier you start, the more time to plan and fix
– Worst case is for when you’re trying to ship: Find problems, make ugly scope and schedule choices, revisit those features soon
• Why?
– Find problems when there’s time to fix them
– Security Development Lifecycle (SDL) requirement
– Deliver more secure products
• How?
6. Who
• Building a threat model (at Microsoft)
– Program Manager (PM) owns overall process
– Testers
• Identify threats in analyze phase
• Use threat models to drive test plans
– Developers create diagrams
• Customers for threat models
– Your team
– Other features, product teams
– Customers, via user education
– “External” quality assurance resources, such as pen testers
• You’ll need to decide what fits your organization
7. What
• Consider, document, and discuss security in a
structured way
• Threat model and document
– The product as a whole
– The security-relevant features
– The attack surfaces
• Assurance that threat modeling has been done well
8. Why
• Produce software that’s secure by design
– Improve designs the same way we’ve improved code
• Because attackers think differently
– Creator blindness/new perspective
• Allow you to predictably and effectively find security problems early in the process
16. How to Create Diagrams
• Go to the whiteboard
• Start with an overview which has:
– A few external interactors
– One or two processes
– One or two data stores (maybe)
– Data flows to connect them
• Check your work
– Can you tell a story without edits?
– Does it match reality?
17. Diagramming
• Use DFDs (Data Flow Diagrams)
– Include processes, data stores, data flows
– Include trust boundaries
– Diagrams per scenario may be helpful
• Update diagrams as product changes
• Enumerate assumptions, dependencies
• Number everything (if manual)
18. Diagram Elements: Examples
• External Entity
– People
– Other systems
– Microsoft.com
• Process
– DLLs
– EXEs
– COM object
– Components
– Services
– Web Services
– Assemblies
• Data Flow
– Function call
– Network traffic
– Remote Procedure Call (RPC)
• Data Store
– Database
– File
– Registry
– Shared Memory
– Queue / Stack
• Trust Boundary
– Process boundary
– File system
19. Diagrams: Trust Boundaries
• Add trust boundaries that intersect data flows
• Points/surfaces where an attacker can interject
– Machine boundaries, privilege boundaries, integrity boundaries are examples of trust boundaries
– Threads in a native process are often inside a trust boundary, because they share the same privs, rights, identifiers and access
• Processes talking across a network always have a trust boundary
– They may create a secure channel, but they’re still distinct entities
– Encrypting network traffic is an ‘instinctive’ mitigation
• But doesn’t address tampering or spoofing
20. Diagram Iteration
• Iterate over processes, data stores, and see where they
need to be broken down
• How to know it “needs to be broken down?”
– More detail is needed to explain security impact of the design
– Object crosses a trust boundary
– Words like “sometimes” and “also” indicate you have a
combination of things that can be broken out
• “Sometimes this datastore is used for X”…probably add a
second datastore to the diagram
23. Diagram layers
• Context Diagram
– Very high-level; entire component / product / system
• Level 1 Diagram
– High level; single feature / scenario
• Level 2 Diagram
– Low level; detailed sub-components of features
• Level 3 Diagram
– More detailed
– Rare to need more layers, except in huge projects or when you’re drawing more trust boundaries
24. Creating Diagrams: analysis or synthesis?
• Top down
– Gives you the “context” in context diagram
– Focuses on the system as a whole
– More work at the start
• Bottom up
– Feature crews know their features
– Approach not designed for synthesis
– More work overall
26. Diagram Validation Rules of Thumb
Does data magically appear?
Data comes from external entities or data stores
[Diagram: Customer, Web Server, SQL Database; labels: Order, Confirmation]
27. Diagram Validation Rules of Thumb
Are there data sinks?
You write to a store for a reason: Someone uses it.
[Diagram: Web Server, SQL Server Database; labels: Transaction, Analytics]
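The two rules of thumb above, together with the rule from slide 19 that machine boundaries are trust boundaries, written as a small diagram checker. This is an added example, not part of the original deck; the host names, the flow directions and the role of Analytics as a process are assumptions constructed for illustration.

```python
from collections import defaultdict

def validate_dfd(kinds, flows, hosts=None, boundary_flows=frozenset()):
    """Check a data flow diagram against the rules of thumb.

    kinds: element name -> "external" | "process" | "store"
    flows: list of (source, destination, label)
    hosts: element name -> machine it runs on (optional)
    boundary_flows: flows the diagram already draws across a trust boundary
    """
    inbound, outbound = defaultdict(list), defaultdict(list)
    for src, dst, label in flows:
        for end in (src, dst):
            if end not in kinds:
                raise ValueError(f"flow {label!r} references unknown element {end!r}")
        outbound[src].append(label)
        inbound[dst].append(label)

    findings = []
    for name, kind in kinds.items():
        # "Does data magically appear?" A process cannot emit data it never received.
        if kind == "process" and outbound[name] and not inbound[name]:
            findings.append(("magic-data", name))
        # "Are there data sinks?" A store that is written but never read.
        if kind == "store" and inbound[name] and not outbound[name]:
            findings.append(("data-sink", name))
    for flow in flows:
        src, dst, label = flow
        # Endpoints on different machines need a trust boundary on the flow.
        if hosts and hosts.get(src) != hosts.get(dst) and flow not in boundary_flows:
            findings.append(("missing-trust-boundary", label))
    return findings

# Constructed sample: element names from the slides, everything else assumed.
KINDS = {"Customer": "external", "Web Server": "process",
         "SQL Database": "store", "Analytics": "process"}
HOSTS = {"Customer": "browser", "Web Server": "web01",
         "SQL Database": "db01", "Analytics": "db01"}

# First whiteboard draft: no Order flow in, nobody reads the database.
DRAFT = [("Web Server", "Customer", "Confirmation"),
         ("Web Server", "SQL Database", "Transaction")]

# Corrected diagram: inputs and readers added, boundaries drawn.
FIXED = DRAFT + [("Customer", "Web Server", "Order"),
                 ("SQL Database", "Analytics", "Transaction history")]
BOUNDARIES = {("Customer", "Web Server", "Order"),
              ("Web Server", "Customer", "Confirmation"),
              ("Web Server", "SQL Database", "Transaction")}

if __name__ == "__main__":
    for rule, where in validate_dfd(KINDS, DRAFT, HOSTS):
        print(f"{rule}: {where}")
    print("fixed diagram findings:", validate_dfd(KINDS, FIXED, HOSTS, BOUNDARIES))
```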
34. Identify Threats
• Experts can brainstorm
• How to do this without being an expert?
– Use STRIDE to step through the diagram elements
– Get specific about threat manifestation
Threat: Property we want
• Spoofing: Authentication
• Tampering: Integrity
• Repudiation: Nonrepudiation
• Information Disclosure: Confidentiality
• Denial of Service: Availability
• Elevation of Privilege: Authorization
35. Threat: Spoofing
Threat: Spoofing
Property: Authentication
Definition: Impersonating something or someone else
Example: Pretending to be any of billg, microsoft.com, or ntdll.dll
37. Threat: Repudiation
Threat: Repudiation
Property: Non-Repudiation
Definition: Claiming to have not performed an action
Example: “I didn’t send that email,” “I didn’t modify that file,” “I certainly didn’t visit that Web site, dear!”
38. Threat: Information Disclosure
Threat: Information Disclosure
Property: Confidentiality
Definition: Exposing information to someone not authorized to see it
Example: Allowing someone to read the Windows source code; publishing a list of customers to a Web site
39. Threat: Denial of Service
Threat: Denial of Service
Property: Availability
Definition: Deny or degrade service to users
Example: Crashing Windows or a Web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole
40. Threat: Elevation of Privilege
Threat: Elevation of Privilege (EoP)
Property: Authorization
Definition: Gain capabilities without proper authorization
Example: Allowing a remote Internet user to run commands is the classic example, but going from a “Limited User” to “Admin” is also EoP
41. Different Threats Affect Each Element Type
[Chart: one row per ELEMENT type (External Entity, Process, Data Store, Data Flow), columns S T R I D E]
42. Apply STRIDE Threats to Each Element
• For each item on the diagram:
– Apply relevant parts of STRIDE
– Process: STRIDE
– Data store, data flow: TID
• Data stores that are logs: TID+R
– External entity: SR
– Data flow inside a process:
• Don’t worry about T, I, or D
• This is why you number things
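The per-element rule above as a checklist generator, added here as an example and not taken from the deck or from the SDL Threat Modeling tool. Element names and numbers 1 to 10 come from the exercise slide later in the deck; the element kinds, elements 101 and 102, and the recorded review state are constructed for illustration.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}

@dataclass(frozen=True)
class Element:
    num: int                  # numbered so findings can point at one element
    name: str
    kind: str                 # "external" | "process" | "store" | "flow"
    is_log: bool = False      # data stores that are logs also get R
    in_process: bool = False  # data flows that never leave one process

def applicable(e: Element) -> str:
    """STRIDE letters the slide assigns to this element type."""
    if e.kind == "process":
        return "STRIDE"
    if e.kind == "external":
        return "SR"
    if e.kind == "store":
        return "TRID" if e.is_log else "TID"
    if e.kind == "flow":
        return "" if e.in_process else "TID"
    raise ValueError(f"unknown element kind: {e.kind!r}")

def worklist(elements):
    """Every (element number, letter) cell the review has to consider."""
    return [(e.num, letter) for e in elements for letter in applicable(e)]

def uncovered(elements, recorded):
    """Cells with no recorded threat and no explicit 'not applicable' decision."""
    by_num = {e.num: e for e in elements}
    return [f"{num} {by_num[num].name}: {STRIDE[letter]}"
            for num, letter in worklist(elements)
            if (num, letter) not in recorded]

ELEMENTS = [
    Element(1, "Administrator", "external"),
    Element(2, "Admin console", "process"),
    Element(3, "Host SW", "process"),
    Element(4, "Config data", "store"),
    Element(5, "Integrity data", "store"),
    Element(6, "Filesystem data", "store"),
    Element(7, "registry", "store"),
    Element(8, "raw reg data", "flow"),
    Element(9, "raw filesystem data", "flow"),
    Element(10, "commands", "flow"),
    # Constructed for illustration, not on the slide:
    Element(101, "audit log", "store", is_log=True),
    Element(102, "parser to cache call", "flow", in_process=True),
]

if __name__ == "__main__":
    recorded = {(1, "S"), (2, "T"), (10, "T")}  # constructed review state
    print(len(worklist(ELEMENTS)), "cells to consider")
    for gap in uncovered(ELEMENTS, recorded):
        print("TODO", gap)
```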
43. Use the Trust boundaries
• Trusted/high code reading from untrusted/low
– Validate everything for specific and defined uses
• High code writing to low
– Make sure your errors don’t give away too much
44. Threats and Distractions
• Don’t worry about these threats
– The computer is infected with malware
– Someone removed the hard drive and tampers with it
– Admin is attacking user
– A user is attacking himself
• You can’t address any of these (unless you’re the OS)
46. Mitigation Is the Point of Threat Modeling
• Mitigation
– To address or alleviate a problem
• Protect customers
• Design secure software
• Why bother if you:
– Create a great model
– Identify lots of threats
– Stop
• So, find problems and fix them
47. Mitigate
• Address each threat
• Four ways to address threats
1. Redesign to eliminate
2. Apply standard mitigations
• What have similar software packages done
and how has that worked out for them?
3. Invent new mitigations (riskier)
4. Accept vulnerability in design
• SDL rules about what you can accept
• Address each threat
48. Standard Mitigations
Threat: Spoofing
Property: Authentication
To authenticate principals:
• Cookie authentication
• Kerberos authentication
• PKI systems such as SSL/TLS and certificates
To authenticate code or data:
• Digital signatures
Threat: Tampering
Property: Integrity
• Windows Vista Mandatory Integrity Controls
• ACLs
• Digital signatures
Threat: Repudiation
Property: Non-Repudiation
• Secure logging and auditing
• Digital signatures
Threat: Information Disclosure
Property: Confidentiality
• Encryption
• ACLs
Threat: Denial of Service
Property: Availability
• ACLs
• Filtering
• Quotas
Threat: Elevation of Privilege
Property: Authorization
• ACLs
• Group or role membership
• Privilege ownership
• Input validation
49. Inventing Mitigations Is Hard: Don’t do it
• Mitigations are an area of expertise, such as
networking, databases, or cryptography
• Amateurs make mistakes, but so do pros
• Mitigation failures will appear to work
– Until an expert looks at them
– We hope that expert will work for us
• When you need to invent mitigations, get expert help
50. Sample Mitigation
• Mitigation #54, Rasterization Service performs the
following mitigation strategies:
1. OM is validated and checked by (component) before
being handed over to Rasterization Service
2. The resources are decoded and validated by interacting
subsystems, such as [foo], [bar], and [boop]
3. Rasterization ensures that if there are any resource
problems while loading and converting OM to raster
data, it returns a proper error code
4. Rasterization Service will be thoroughly fuzz tested
(Comment: Fuzzing isn’t a mitigation, but it’s a great thing to plan as part 4)
51. Improving Sample Mitigation: Validated-For
• “OM is validated and checked by [component] before
being handed over to Rasterization Service”
• Validated for what? Be specific!
– “…validates that each element is unique.”
– “…validates that the URL is RFC-1738 compliant, but note URL may
be to http://evil.com/ownme.html”
– (Also a great external security note)
53. Validating Threat Models
• Validate the whole threat model
– Does diagram match final code?
– Are threats enumerated?
– Minimum: STRIDE per element that touches a trust boundary
– Has Test / QA reviewed the model?
• Tester approach often finds issues with threat model or details
– Is each threat mitigated?
– Are mitigations done right?
• Did you check these before Final Security Review?
– Shipping will be more predictable
54. Validate Quality of Threats and Mitigations
• Threats: Do they:
– Describe the attack
– Describe the context
– Describe the impact
• Mitigations
– Associate with a threat
– Describe the mitigations
– File a bug
Fuzzing is a test tactic, not a mitigation
55. Validate Information Captured
• Dependencies
– What other code are you using?
– What security functions are in that other code?
– Are you sure?
• Assumptions
– Things you note as you build the threat model
• “HTTP.sys will protect us against SQL Injection”
• “LPC will protect us from malformed messages”
• “GenRandom will give us crypto-strong randomness”
56. More Sample Mitigations
• Mitigation #3: The Publish License is created by RMS, and we've been
advised that it's only OK to include an unencrypted e-mail address if
it's required for the service to work. Even if it is required, it seems like
a bad idea due to easy e-mail harvesting.
• Primary Mitigation: Bug #123456 has been filed against the RMS team
to investigate removing the e-mail address from this element. If that's
possible, this would be the best solution to our threat.
• Backup Mitigation: It's acceptable to mitigate this by warning the
document author that their e-mail address may be included in the
document. If we have to ship it, the user interface will be updated to
give clear disclosure to the author when they are protecting a
document.
57. Effective Threat Modeling Meetings
• Develop draft threat model before the meeting
– Use the meeting to discuss
• Start with a DFD walkthrough
• Identify most interesting elements
– Assets (if you identify any)
– Entry points/trust boundaries
• Walk through STRIDE against those elements
• Threats that cross elements/recur
– Consider library, redesigns
60. Exercise
• Handout
• Work in teams to:
– Identify all diagram elements
– Identify threat types to each element
– Identify at least three threats
– Identify first order mitigations
Extra credit: Improve the diagram
62. Identify Threat Types to Each Element
Elements:
• External entity: Administrator (1)
• Processes: Admin console (2), Host SW (3)
• Data stores: Config data (4), Integrity data (5), Filesystem data (6), registry (7)
• Data flows: 8. raw reg data, 9. raw filesystem data, 10. commands, .... 16
[Chart: Identify STRIDE threats by element type; ELEMENT types (External Entity, Process, Data Store, Data Flow) against S T R I D E, with Threats and Elements columns]
63. Identify Threats!
• Be specific
• Understand threat and impact
• Identify first order mitigations
65. Call to Action
• Threat model your work!
– Start early
– Track changes
• Work with a Security Advisor!
• Talk to your “dependencies” about security assumptions
• Learn more
66. Threat Modeling Learning Resources
MSDN Magazine
• Reinvigorate your Threat Modeling Process: http://msdn.microsoft.com/en-us/magazine/cc700352.aspx
• Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach: http://msdn.microsoft.com/msdnmag/issues/06/11/ThreatModeling/default.aspx
Article
• Experiences Threat Modeling at Microsoft: http://download.microsoft.com/download/9/D/3/9D389274-F770-4737-9F1A-8EA2720EE92A/Shostack-ModSec08-Experiences-Threat-Modeling-At-Microsoft.pdf
SDL Blog
• All threat modeling posts: http://blogs.msdn.com/sdl/archive/tags/threat%20modeling/default.aspx
Books
• The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software (Howard, Lipner, 2006), “Threat Modeling” chapter: http://www.microsoft.com/mspress/books/authors/auth8753.aspx
71. S T R I D E Standard Mitigations
Threat: Property we want
• Spoofing: Authentication
• Tampering: Integrity
• Repudiation: Nonrepudiation
• Information Disclosure: Confidentiality
• Denial of Service: Availability
• Elevation of Privilege: Authorization
72. S T R I D E Standard Mitigations
Threat: Spoofing
Property: Authentication
To authenticate principals:
• Basic authentication
• Digest authentication
• Cookie authentication
• Windows authentication (NTLM)
• Kerberos authentication
• PKI systems, such as SSL or TLS and certificates
• IPSec
• Digitally signed packets
To authenticate code or data:
• Digital signatures
• Message authentication codes
• Hashes
73. S T R I D E Standard Mitigations
Threat: Tampering
Property: Integrity
• Windows Vista mandatory integrity controls
• ACLs
• Digital signatures
• Message authentication codes
74. S T R I D E Standard Mitigations
Threat: Repudiation
Property: Nonrepudiation
• Strong authentication
• Secure logging and auditing
• Digital signatures
• Secure time stamps
• Trusted third parties
75. S T R I D E Standard Mitigations
Threat: Information Disclosure
Property: Confidentiality
• Encryption
• ACLs
76. S T R I D E Standard Mitigations
Threat: Denial of Service
Property: Availability
• ACLs
• Filtering
• Quotas
• Authorization
• High-availability designs
77. S T R I D E Standard Mitigations
Threat: Elevation of Privilege
Property: Authorization
• ACLs
• Group or role membership
• Privilege ownership
• Permissions
• Input validation
Editor's Notes
Hi, I’m ___ and I’m here today to talk to you about the approach to threat modeling used in the Microsoft Security Development Lifecycle (SDL).
This course takes roughly 2 hours, and includes an exercise and a tool demo. The agenda: we’ll start out by discussing the goals of threat modeling, explain exactly how to do it, even if you’re not an expert, and then go to an exercise to make things concrete, as well as a demo of the SDL Threat Modeling tool to show you how to make this easy.
Let’s go through the goals of threat modeling.
To get started, let’s understand that threat modeling means a lot of different things to different people. I want to be clear about what we mean when we say SDL threat modeling. We mean a design analysis technique that’s been designed to ensure that all engineers can participate, not only security experts. This is in contrast to (for example) the IETF. There, it’s a perfectly reasonable question to ask “What’s your threat model?” and hear the complete answer be “someone with control over a top level domain.” That approach isn’t wrong, but it doesn’t work for everyone, and so Microsoft has developed a new approach, centered on analyzing designs, and that’s what we’re going to talk about today.
Let’s go through the who/what/why/when/how of integrating threat modeling into your development process. Who will threat model? The bad guys will look at your designs and find flaws in them. You can if you want to, and if you do, you have time to plan to address those issues. (Walk through when & why.) How? That’s the subject of the rest of this presentation.
So who’s involved in creating the threat model? “You” isn’t a very precise answer. There are two groups involved: first is the team that builds it, and second are the teams that consume it. The folks that build it are dev, test and PM. At Microsoft, program managers are a mix of project manager, product manager and architect who define what the overall product will be. All three have a role in the creation of threat models. Some teams have their testers own the threat model; the tester’s approach to the world is often a good one for finding issues with designs. Creating great threat models is going to require that the threat models be part of your development process, not just documents that sit on a shelf. Working to ensure that threat models are widely consumed is important. So let’s look at some of the customers for threat models: Your team, when new people come on board, or when you hit major development milestones. If you’re working on a large project, talk to other feature teams. Review your threat models together to make sure you understand the security expectations of each side. If there are external security notes in your threat model, some of that data may go to your customers. If you hire pen testers or other security QA, showing them your threat models will save you time and money.
What is threat modeling? What benefits does it bring? There are three things: Consider, document, and discuss security in a structured way. Structure is important for consistency and cross-group collaboration. You want to threat model your entire product. It doesn’t make sense to threat model, say, the Bold button in Word. You want to threat model Word. You want to think about the security features, like logging or cryptography, in detail. You also want to think about the parts of the code which are most exposed: the attack surfaces. The final thing you get from threat modeling documents is assurance that the work has been done. It’s no good to have the world’s best security experts sit around and think about the problem if they don’t share their results.
We’ve done a lot to improve code in the SDL. From effective training to compiler improvements to banned APIs, the code has gotten a lot better. We need to improve our designs as well. It’s hard to get a clean perspective on your own code. You spend a lot of time and effort to get it right, and it’s hard to get a fresh look at it. The approach we’re teaching you today helps you do that.
Is the subject of the remainder of the slides. (Run through these next few slides quickly.)
Zip through this – so you draw a diagram like this one … (next slide)
“apply stride threats per element, document it all, and you’re done!” (next slide)
Read the slide. Then “threat modeling is intimidating, and can feel like that.”
So this is the general approach. It looks like most software processes you’ve seen. Two things: The vision stage is optional, and so is the loop. You really only need to loop if you make design changes.
Now to put this all together, we’re going to look at a simple system for change detection in an enterprise.
We have an admin console that gathers filesystem & registry data from one or more monitored hosts in the field. We’ll come back to this in the exercise.
FINDME: If your team has made a call on this, you can eliminate this slide
These rules of thumb are derived from Microsoft’s analysis of threat models and are designed to make it easier to know if you’re doing the right thing. Even if you’re using the tool, which automates these, it’s important to know where they come from.
I usually ask people in the class to improve this diagram. Where should there be trust boundaries? What’s the wrong shape? What happens in what order? Do point out that none of the data flows are labeled “read” or “write,” and that’s a good thing. You get read/write from the direction of the arrow.
The next phase of the process is to identify threats. How do you do this without being an expert?
Self explanatory. The next slides go into more detail, with examples
These are the threats which affect each type of element. For example, data flows are subject to tampering, information disclosure and denial of service. Data stores are subject to tampering, information disclosure and denial of service, and if they’re logs, impact repudiation: Data stores which are logs come under special attack because they’re logs. Logs can act as a pass through: lots of security software looks at logs. Be careful about what you write. If a system has no logs, repudiation is easy.
A list of STRIDE Standard Mitigations is included at the end of the presentation
Mitigations not /gs
This is one of the only mentions of assets, because many software developers can’t identify them effectively.
I leave this slide up during the exercise. Working in teams is important: it draws people in and gets the energy level in the room way up. I usually announce 10 minutes for this, and end up giving people 15. You can adjust this time to fit how quickly or slowly you’ve gone through the material. You need to plan for a discussion (see the “Identify threats” slide) and also a tool demo and wrap-up.
Sometimes people don’t count data flows; other times they count trust boundaries. Everyone should understand why there are 16 elements.
I prep a chart like this to help me make sure I consider each element. For administrator, I can walk across, looking for S, R. For admin console, I look for STRIDE. (etc.)
For each element of the chart, starting with spoofing against external entities, I ask “Who found X?” You may want a printout of the chart handy for your own use for this. I ask whoever pops up to identify the threat, explain it, and its impact, and then how they’d mitigate it. Plan for 15 minutes here, feel free to cut to no less than 10.