Threat modeling web application: a case study - Antonio Fontes
TAM is a security activity conducted early in the development lifecycle, when we only have ideas and early design specifications and no source code has been produced yet. It helps identify the major threats to your web application and their appropriate countermeasures.
This session focuses on an introduction to the threat modeling technique through a case study on an online newspaper platform.
Event: Confoo 2011 Montreal
Lesson 1: INTRODUCTION TO SECURITY - FPT Curriculum - MasterCode.vn
Describe the challenges of securing information
Define information security and explain why information security has become important
Identify the common types of attacks seen today
List the basic steps of an attack
Describe the five basic principles of defense
Web application security for IT students, covering web application attack and defense through statistics on popular website platforms, web vulnerabilities, vulnerability detection and testing, why use a web application firewall, why deploy a WAF on a reverse proxy, and ModSecurity.
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch... - Chris Gates
Brucon 2016
The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack a mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable processes. It is extremely rare that a vulnerability causes a direct risk to an environment; it is usually what the attacker DOES with the access gained that matters. In this talk we will discuss the way that internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the defensive teams to measure the environment's resistance to the attacks. We will demonstrate attacks, capabilities, TTP tracking, trending, positive metrics, hunt integration and, most of all, we will lay out a road map to STOP this nonsense of Red vs BLUE and realize that we are all on the same team, sparring and training every day to be ready for the fight when it comes to us.
This presentation is part of a talk I gave at the Microsoft .NET Bootcamp. The contents are slightly edited to share the information in the public domain. In this presentation, I covered the significance and all related theory of threat modeling and analysis. This presentation will be useful for software architects, managers, developers and QAs. Do share your feedback in the comments.
Threat Hunting Procedures and Measurement Matrice - Vishal Kumar
This document will provide the basics of Cyber Threat Hunting and answers to some questions such as: What is Threat Hunting? What is the importance of Threat Hunting? And how can it be started... Bla..Bla..Bla...
Effective Threat Hunting with Tactical Threat Intelligence - Dhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Download the IT graduation thesis/project on the topic "Text hiding techniques in images based on the modulus function", for reference by students writing their theses.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe... - MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypotheses, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, only a few focus primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility, from a data perspective, to the ATT&CK framework. It focuses on how to identify, document, standardize and model currently available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata (OSSEM), and expands on the “data sources” section already provided by ATT&CK for most of the documented adversarial techniques.
Delivering Security Insights with Data Analytics and Visualization - Raffael Marty
It's an interesting exercise to look back to the year 2000 to see how we approached cyber security. We just started to realize that data might be a useful currency, but for the most part, security pursued preventative avenues, such as firewalls, intrusion prevention systems, and anti-virus. With the advent of log management and security incident and event management (SIEM) solutions we started to gather gigabytes of sensor data and correlate data from different sensors to improve on their weaknesses and accelerate their strengths. But fundamentally, such solutions didn't scale that well and struggled to deliver real security insight.
Today, cybersecurity wouldn't work anymore without large scale data analytics and machine learning approaches, especially in the realm of malware classification and threat intelligence. Nonetheless, we are still just scratching the surface and learning where the real challenges are in data analytics for security.
This talk will go on a journey of big data in cybersecurity, exploring where big data has been and where it must go to make a true difference. We will look at the potential of data mining, machine learning, and artificial intelligence, as well as the boundaries of these approaches. We will also look at both the shortcomings and potential of data visualization and the human computer interface. It is critical that today's systems take into account the human expert and, most importantly, provide the right data.
MISP (Malware Information Sharing Platform) - Nadim Kadiwala
A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IoCs and information to detect and prevent attacks or threats against ICT infrastructures, organisations or people.
SOME RISKS TO INFORMATION SAFETY AND SECURITY ON THE IT NETWORKS OF PARTY AGENCIES... - Vu Hung Nguyen
The 17th Vietnam ICT Cooperation and Development Conference will take place at the Xanh Hotel in Hue City from 29 to 31 August 2013. The conference is co-organized by the Ministry of Information and Communications, the People's Committee of Thua Thien Hue Province, the Vietnam Association for Information Processing and the Ho Chi Minh City Computer Association, under the theme “Building synchronized ICT infrastructure from the central to the local level to drive socio-economic development”.
http://ict2013.thuathienhue.gov.vn/
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca... - Abhay Bhargav
Serverless Technology (Functions as a Service) is fast becoming the next "big thing" in the world of distributed applications. Organizations are investing a great deal of resources in this technology as a force-multiplier, cost-saver and ops-simplification cure-all. Especially with widespread support from cloud vendors, this technology is only going to become more influential. However, like everything else, Serverless apps are subject to a wide variety of attack possibilities, ranging from attacks against access control tech like Function Event Injection and JWTs, to NoSQL Injection, to exploits against the apps themselves (deserialization, etc.) escalating privileges to other cloud components.
On the other hand, GraphQL (API Query Language) is the natural companion to serverless apps, where traditional REST APIs are replaced with GraphQL to provide greater flexibility, greater query parameterization and speed. GraphQL is slowly removing the need for REST APIs to be developed at all. Combined with Serverless tech and reactive front-end frameworks, GraphQL is very powerful for distributed apps. However, GraphQL can be abused with a variety of attacks including, but not limited to, Injection Attacks, Nested Resource Exhaustion attacks and Authorization Flaws, among others.
This talk presents a red-team perspective on the various ways in which testers can discover and exploit serverless and/or GraphQL-driven applications to compromise sensitive information, and gain a deeper foothold into database services, IAM services and other cloud components. The talk will have some demos that demonstrate practical attacks and attack possibilities against Serverless and GraphQL applications.
Slides from the first module of the OWASP Ottawa Training Day 2012, "Integrating security and privacy in a web application project" training.
Module 1: before coding (security during inception and design phases)
The training was designed and produced by:
Antonio Fontes (OWASP Geneva) - http://www.slideshare.net/starbuck3000
Philippe Gamache (OWASP Montreal) - http://www.slideshare.net/PhilippeGamache
Sebastien Gioria (OWASP France) - http://www.slideshare.net/SebastienGioria
Robert Hurlbut - Threat Modeling for Secure Software Design - centralohioissa
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.
How can public warning be employed not only to respond to terrorism, but to prevent--even preempt--attacks prior to their execution? This is a presentation I gave at the National War College. Missing are the talking points for each slide....
Building a Threat Hunting Practice in the Cloud - ProtectWise
Building a Threat Hunting Practice Using the Cloud
James Condon, Director of Threat Research and Analysis ProtectWise and Tom Hegel, Senior Threat Researcher ProtectWise
Topics:
Threat Hunting 101
Requirements for Effective Threat Hunting
How the Cloud Can Help
Threat Hunting Best Practices
Questions
Next Steps
The function of the Laser Warning Sensor is to detect the laser threat, determine the Pulse Repetition Frequency (PRF) and generate an edge matching signal to give the firing command to the decoy laser. It comprises a number of laser warning sensors and a master controller. The laser warning sensors detect the laser radiation, process it, determine the PRF and generate the edge matching signals. Each comprises an opto-electronic front end, signal processing and conditioning, an embedded module for PRF decoding, and the edge matching signal.
The pattern of violent incidents attributed to Salafist groups in Libya from March 2012 to September 2012 indicates that security across the country, and particularly in Benghazi, had deteriorated prior to the attack on the U.S. Consulate in Benghazi.
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls - SecuRing
OWASP - the Open Web Application Security Project - is a foundation whose goal is to eliminate application security problems. OWASP works in the spirit of "open source" and provides tools, information and knowledge that help raise the security level of applications. In this lecture I will briefly present the OWASP Top 10 in its edition for developers, the "Top 10 Proactive Controls", that is, the most important recommendations for avoiding key security mistakes.
SearchLove London | Will Critchlow, 'The Threat of Mobile' - Distilled
Our focus on responsive websites and our fascination with app store rankings may be blinding us to the real threats and opportunities of the mobile revolution. In particular, as Google continues to ratchet up its mobile-first approach to design and Facebook looks more and more like a mobile channel, what should we be changing in our campaigns and strategies?
Web security – application security roads to software security nirvana iisf... - Eoin Keary
Approaching Web Security, Secure application development and how to fix what matters. A useful talk for application developers and security experts alike.
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr... - Cyber Security Alliance
Threats, risks, actors, trends, attack techniques, defense issues and possible future scenarios for Critical Infrastructures in the age of cyber insecurity.
You want to start integrating security in your web application project but you don't know where to start and don't have access to software security professionals. What are the "cheapest" while very efficient activities that you can already do by yourself?
Agenda:
- Understanding the need for information security and privacy
- Secure design: key principles
- Threat modeling and analysis: building your first threat model and identifying the major risks in your web application
- Testing the security of your web application
- Understanding the big picture: what is a secure SDLC
- Cheap and efficient security activities that might be started immediately in your SDLC
Cybersecurity: Malware & Protecting Your Business From Cyberthreats - SecureDocs
http://www.securedocs.com -The recent increase in high-profile cyberattacks has made online security a hot topic, and rightfully so. Companies from The New York Times to Facebook have fallen victim to attacks by cybercriminals, highlighting just how vulnerable any business is. In the past few years, malware has evolved dramatically and is a serious threat to all organizations, both big and small.
This presentation covers what advanced malware is and the impact it can have on an organization. Learn how to protect your business from this type of threat.
Web security – everything we know is wrong cloud version - Eoin Keary
A revised version for 2017 on an old OWASP talk from 2015.
Web application security, Development security challenges and how we are approaching cyber security incorrectly for years...but there is hope!!
Learn about current cybersecurity threats, what new threats are on the rise, and how to train the next generation of cyberprofessionals to help keep us secure.
Mobile Security for Smartphones and Tablets - Vince Verbeke
Are security concerns for mobile devices, like smartphones and tablets, real? Or, are claims of exponential growth in malware simply FUD? We will explore the major mobile operating systems and security concerns with each. This session will provide tips that can be shared to help your users protect their personal info and data when viewed from a mobile device. Information on mobile security programs will be shared, as well, including a look at whether free or commercial offerings provide better protection.
While traditional cybersecurity defenses focus on prevention, there are many vulnerabilities and potential attacks against weapon systems. While weapon systems are more software dependent and networked than ever before, cybersecurity has not always been prioritized with regards to weapon systems acquisition.
Threat actors have advanced in their sophistication as they are well-resourced and highly skilled, oftentimes gathering detailed knowledge of the systems they want to attack. Ensuring stronger detection methods is imperative, but because these types of threats are very targeted and advanced, agencies need the capability to proactively hunt.
NETC 2012_Mobile Security for Smartphones and Tablets (pptx) - Vince Verbeke
Are security concerns for mobile devices, like smartphones and tablets, real? Or, are claims of exponential growth in malware simply FUD? We will explore the major mobile operating systems and security concerns with each. This session will provide tips that can be shared to help your users protect their personal info and data when viewed from a mobile device. Information on mobile security programs will be shared, as well, including a look at whether free or commercial offerings provide better protection.
Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red... - Anna Gomez
In this talk, the speaker will introduce an ongoing research project funded by EPSRC (Engineering and Physical Science Research Council), which will develop a new socio-technical framework and corresponding software tools for reducing human-related risks. The framework follows a human-in-the-loop and co-evolutionary approach. He will discuss how such a framework can be applied to a healthcare use case, and how people from the health sector may collaborate with the project team.
5th International Disaster and Risk Conference IDRC 2014 Integrative Risk Management - The role of science, technology & practice 24-28 August 2014 in Davos, Switzerland
How to deal with mobile in times that have venture capital flooding the place, innovations in IoT and wearables galore while you want to keep your information and people safe but they have to be as productive as possible... Presentation delivered at Apps World, London on 12 November 2014
What are the opportunities and threats that come with IoT, BYOeverything, traditional systems and the need to have your workforce as productive as possible? Presentation delivered at Apps World London 12 November 2014
Moving towards a mobile and wearable strategy includes both upside and downside risk. How to arrive at the upside, that is the question... Presentation delivered at Enterprise Apps World, London on 10 June 2014
Similar to Threat Modeling web applications (2012 update) (20)
Source code security review challenge at Confoo 2012 - Montreal (confoo.ca)
The audience was challenged in attempting to spot security vulnerabilities in a series of source code examples.
Security in outsourcing contracts for development services and ... - Antonio Fontes
Preparing security from the contractual phase onward in outsourcing projects involving web applications: development, cloud hosting and rental (SaaS)
GRI/CLUSIS symposium on the role of the state in the cybersecurity of Swiss companies / 27 May 2011
Web security track - opening talk:
OWASP & OWASP Switzerland
Swiss Cyber Storm 3 (Rapperswil, May 2011)
Original powerpoint slides can be downloaded and re-used under following conditions:
- you're free to copy, distribute and transmit the work
- you're free to adapt the work
- if you alter, transform, or build upon this work, you may distribute the resulting work under the same or similar rights to this one
The top 10 web application intrusion techniques - Antonio Fontes
The OWASP foundation published the 2010 version of its reference document describing the top 10 web application security risks.
During this talk, these ten intrusion techniques will be described to the audience.
Event: Confoo 2011 - Montreal
An overview of the context and motivations behind the cyberattacks referred to in the press.
Audience: legal (lawyers, jurists, etc.)
Technical level: low
Venue: 2 December 2010, Faculty of Law at the University of Geneva
Info:
http://lexgva.ch/index.php?subaction=showfull&id=1290112460
By the end of March, the OWASP foundation will release the 2010 version of its major documentation project, the "Top 10 security risks in web applications."
Agenda:
- The 10 most common web application attacks
- Discovering the OWASP Top 10 document
- Integrating the Top 10 within an existing SDLC, as a software vendor, or a software buyer.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
Threat Modeling web applications (2012 update)
1. The OWASP Foundation
http://www.owasp.org
Threat analysis and modeling:
case study: a web application
Confoo Conference, Montreal, Feb 29th 2012
Antonio Fontes
antonio.fontes@owasp.org
Disclaimer: no cat was harmed during the preparation of this document.
2. Logistics
• This is a huge slide deck. Get prepared for it!
• You will get all the slides at the end of the session:
– http://slideshare.net/starbuck3000
• Interrupt me when you have a question or want to share a sentence
2/29/2012 Confoo 2012 Montreal - Threat Modeling - Antonio Fontes 2
3. OWASP?
• Open Web Application Security Project
• Not-for-profit organization
• Open access, worldwide reach
4. OWASP?
• Elected committee
• Leaders:
– Project Leaders
– Chapter Leaders
• 1’500 members
– Individual, Academic, Corporate
• 20’000 meetings and conference participants
• 140 documentation and tools projects
• 250 chapters in 93 countries
• 1 website: https://www.owasp.org
• Montreal chapter!
5. Me
• Antonio Fontes
• Geneva (Switzerland)
• Independent infosec consultant:
– Web applications security
– Risk visibility and management
– Training & Coaching
• Cybercrime/threat analysis report:
– http://cddb.ch (in French)
• OWASP:
– Switzerland Board Member
– Geneva Chapter Leader
6. You?
• Experienced in infosec?
• Experienced in TAM?
• Which industries?
7. Objectives
1. We understand concepts and words related to threat modeling web applications.
2. We know when and how the process should be performed.
3. We can identify high priority efforts.
4. The resulting tool is repeatable and simple to use.
8. Agenda
• Context & motivations
• Case study: OPMC/PLCM
• Conclusion & perspectives
9. Context
• Proliferation of interconnected systems
• Mobile equipment, cloud computing
• Cybersecurity hype
• Victims:
– Organizations, individuals
– Financial damage
– Reputation damages
– Privacy
– Legal / fines / Compliance
– Mules
10. Context
• Democratization of web/mobile development
• Lack of visibility on threats/risks:
– Developers
– Top Management
– Suppliers / Vendors
• Communities struggle to talk to each other:
– Lack of time?
– Motivation?
• Personal data:
– Increasing value
– Collect once, process anytime
– Threat of control, regulation, fines, legal actions…
11. Motivation for threat modeling
• Increase visibility during the project:
– Create opportunities for risk mitigation
– Visibility is actionable
– Produce reusable outputs
– The model makes decision making possible and allows prioritization of efforts to maintain risk at an acceptable level.
12. « Asset »
“Something possessed or controlled by an individual or organization, from which benefit may be obtained.”
• An asset requires limited accessibility and generates value
• Assets can be intangible
13. Examples
• Money
• Machine or object
• Knowledge
• Know-how
• Tool
• …
14. « Vulnerability »
“A feature of an asset, that could be accidentally or intentionally exercised and result in a violation of the information system’s security policy or a security breach.”
• Warning: a legitimate and perfectly functional feature can also be turned into a vulnerability under appropriate conditions.
15. Examples
• Paper is vulnerable to fire, water and…scissors…
• A human body is vulnerable to piercing objects…
• An electrical system may be vulnerable to a power surge…
• A highly secure web application stored in a highly secure server may be vulnerable to an earthquake…
16. « Threat »
“Anything (object, event, person, …) capable of performing unauthorized or undesired actions against a system.”
• A threat requires: resources, skills, and access to a given system.
• Impact? Severe. Probability? …
17. threats
• Natural events: flood, seismic event,…
• Physical evolution or attributes: accident, dust, corrosion, heat/fire damage
• Service failures: air conditioning, power, telecommunications
• Disturbances: radio emissions
• Technical failures: bug, saturation, malfunction
18. threats
• People:
– Misuses, distractions, errors
– Hackers
– Cybercriminals
– Terrorists
– Insiders
– Industrial and state-level espionage
• …
A threatening source of threat that threatens you…
19. « Impact »
“A change in the capability of an organization or an individual to achieve its/his/her objectives.”
• An impact may induce a loss, or a gain.
• In information risk management, we mostly deal with adverse impacts.
20. impacts
• Generic impacts:
– Reputation damage
– Disclosure of strategic information
– Loss of money
– Loss of knowledge or know-how
– Disruption of activity
• Specific impacts:
– Temporary exposure to health damage
– A fine caused by a breach of compliance
– A broken machine
– …
21. « scenario »
“a sequence of events that bring a system from an initial state to another state.”
• Beware of the confusion between final state and impact.
22. impact vs. scenario
Scenario:
• Someone looking for vulnerabilities on App X
• Vulnerability ‘V’ is found
• Vulnerability ‘V’ is exploited so as to execute a data exfiltration operation
• Data is retrieved outside the system
• Data is sold/leaked to a third party.
Impact:
• Loss of secret information leaked to the competition → financial damage
23. « vulnerability »
“Attribute of an asset, which when accidentally or intentionally exercised allows the execution of an undesired scenario.”
• Warning: a vulnerability is not necessarily technical (XSS, SQLi, CSRF, etc.). Many legitimate features in software can be turned into vulnerabilities once used under particular circumstances.
24. vulnerabilities
• A sheet of paper is vulnerable to fire, or scissors.
• The human body is vulnerable to piercing.
• An electronic appliance is vulnerable to power surges.
• An ultra-secure web application hosted on an ultra-secure host remains vulnerable to an earthquake.
• A 4096-bit cryptographic key is vulnerable to a gun pointed at the key holder.
25. “Risk”
“Potential that a given threat will exploit features of an asset (or a group of assets) in such a way that it would cause harm to its owner.”
• A risk requires:
– A threat
– One or more assets
– A likelihood (or probability)
– An undesired impact
R = p × i
26. “Risk”
OPEN OPEN OPEN OPEN OPEN OPEN!!
• Is the cat a threat source?
• Is the bird vulnerable?
• What would be an undesired scenario?
• What would be the impact?
• Is the bird actually at risk?
27. What about danger?
• Danger suggests the almost certainty that the undesired scenario will actually happen.
• Let’s remain « proportional… »
28. What is « secure software »?
• First we need to understand what can go wrong.
• Information systems security properties:
– Confidentiality
– Integrity
– Availability
– Non-repudiation
29. What is « secure software »?
• A web application is «secure» when:
1. it protects itself [and its components] from unauthorized access or modification.
2. its performance cannot be degraded for reasons other than legitimate activity.
3. its users cannot deny their actions.
4. it protects the privacy of the people involved in the data it is processing.
30. What is « secure software »?
• Organizations each have their own vision of ‘secure’, based on their worst preoccupation:
– Ecommerce platforms
– Critical infrastructures
– Marketing campaigns
– B2B
– Online communities and social tools
– Electronic banks
– Public administrations
– Etc.
31. Agenda
• Context & motivations
• Case study: OPMC/PLCM
• Conclusion & perspectives
32. PLCM: the need
• Planificateur en ligne pour consultation médicale (Online Planner for Medical Consultation)
• Mission:
1. Help the secretary activities of a group of pediatricians working in several cities.
2. Enable online medical appointments
3. Accelerate the initial diagnostic and prioritize emergency cases
33. PLCM: the concept
• Use cases:
– Patients:
• Look for a free spot for medical consult, and book it.
• Cancellation of appointments
– Doctors’ cabinet:
• Handling of urgent cases
• Pre-diagnostic of patients based on initial basic survey answers and comments.
• Appointment re-arrangement when necessary
34. PLCM: the concept
• Use cases:
– Automation to insurance company:
• Anonymized statistics sent monthly to an insurance company
35. PLCM: the concept
• Vision:
– A web application
– Regular patients have an account
• H+24 booking
– Pro hosting
• As cheap as possible...
36. PLCM: the customer
• Just talked to a web agency
– Can you do that?
– CHALLENGE ACCEPTED!!
37. PLCM: the customer
• The customer comes to Confoo and attends the “web security” talk….
– Hey security guy! What do you think?
39. (word cloud)
Passwords • Insecure direct object references • Personal data • Script kiddies • VIP medical information • Insecure transport of credentials • Espionage! • Children’s data • Cross-Site Scripting!!! • Broken authentication • ANONYMOUS!!! • Can you help me? • Web attacks • Hackers! • LDAP injection! • SQL Injection! • Insecure configuration • Insecure password storage • Compliance! • Medical data
40. Threat analysis & modeling (modélisation de menaces)
A process to identify and document threats to a particular system and their most appropriate countermeasures.
41. What isn’t a threat model?
• It is not a solution to all problems:
– Insecure coding or deployment practices are not covered by a TM
• It is not an exact science:
– 1 book covers the topic.
– It was written in 2004. By Microsoft engineers.
– A second book is being written.
42. What is a threat model?
• It is a repeatable process.
• It is an early risk detection & prevention process:
– Conducted at design time
– Early threat and countermeasures detection
– Early risk treatment, thus, lower costs.
• It is a simple process:
– Pen and paper activity
43. What is a threat model?
• It is a tool that helps identifying:
– Threats, that might exercise their access to the application
– Scenarios, that may result in damage/harm
– Controls, that may help blocking or detecting these scenarios
• Ultimately, a threat model helps prioritize security efforts.
44. Elements of a TM
• Describing the system
• Identifying its valuable assets
• Identifying the threats sources
• Identifying doomsday scenarios
• Enumerating the most appropriate measures/security controls
45. Threat modeling process
1. Describe the system and its assets
2. Identify the threat sources
3. Identify doomsday scenarios
4. Identify measures/security controls
5. Document all previous outputs.
6. Transmit the threat model.
46. 1. System description
• Describe the system objectives
• Identify the system security requirements (we did this before, remember?)
• Draw the system using the dataflow diagramming (DFD) method
49–53. 1. System description: the DFD elements
• Datastore
• Process
• Actor
• Connection
• Trust boundary
54. 1. System description: Trust boundary
• Identify high-value assets
– Do we trust the admins?
– Do we trust the other machines?
– Anyone probably trying to intercept communications?
56. 1. System description: Data store
• Identify high-value assets
– Who benefits from stealing it? (confidentiality)
– Who wants to buy it? (confidentiality)
– Who wants to read it? (confidentiality)
– Who benefits from destroying it? (integrity)
– Who benefits from modifying it? (integrity)
– What data is under regulation/compliance control?
• Is it travelling outside the system?
58. 1. System description: Process
• Identify high-value assets
– Who wants to imitate (spoof) it?
– Who wants to modify its execution flow?
– Is this system able to reach a more sensitive system?
• A control system? Physical machine?
• Another organization?
• A backend/transactional system?
– Is it okay if this process gets shut down?
60. 1. System description: External entity
• Identify high-value assets
– Who wants to imitate (spoof) the user?
• Can see something? Can write something?
– Is the user interested in denying his/her actions?
– Is the user using trusted equipment? (malware…)
– Does someone want to control one or more of your clients/users systems?
62. 1. System description: Dataflow
• Identify high-value assets
– Who wants to intercept the traffic?
• Secret information?
• Credentials?
– Who wants to modify it?
• Transactions?
– Flow direction:
• Can this flow directly allow bad data into our system?
• Can this flow directly feed sensitive data outside it?
64. 1. System description
• Identify high-value assets
– Loop once again: you now know things you didn’t know the first round.
65. 1. System description
• High-value assets:
– Credentials will cross over the wire
– The web application is a gate to the insurance company systems
– The databases are regulated and may probably trigger high interest when either at-rest or in-transit.
– No network sniffing at the doctor’s cabinet (wired ADSL line) but might be malware
• Need to ensure passwords cannot be stolen by a keylogger
66. 1. System description
• High-value assets:
– 2 malicious data injection flows. Increase attention there!
– 3 disclosure flows. Watch out for error messages and handling!
– 2 high-value client systems: increase output encoding attention there!
– 2 highly regulated datastores
– 2 highly regulated dataflows
67. 1. Did you notice?
Training wasn’t needed to understand DFDs!
External entity: User; other system; Partner/supplier; …
Data store: Database server; Config file; Registry; Memory; Queue / stack; …
Dataflow: Call; Network link; RPC; …
Process: Service; Executable; DLL; Component; Web service; Assembly; …
Trust boundary: Process boundary; File system; Network; …
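The DFD walk described in slides 54 to 66 can be turned into a small repeatable tool: represent elements and flows as data, attach the deck's per-element questions to each, and let the model tell you which flows cross a trust boundary inward (injection review) or outward (disclosure review). The block below is an added example, not the author's or OWASP's code; the element names, trust zones and flows are a constructed approximation of the PLCM diagram described in the deck.

```python
# Added example: the PLCM dataflow diagram as data, with the deck's review
# questions per DFD element type. Elements, zones and flows are a constructed
# approximation of the diagram on the slides, not the author's model.
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    kind: str            # "actor", "process" or "datastore"
    zone: str            # trust zone; a flow between two zones crosses a boundary
    regulated: bool = False


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    carries: str


# Questions the deck asks for each DFD element type (slides 54 to 62).
QUESTIONS = {
    "datastore": [
        "Who benefits from stealing, buying or reading it? (confidentiality)",
        "Who benefits from destroying or modifying it? (integrity)",
        "Is it under regulation/compliance control? Does it travel outside?",
    ],
    "process": [
        "Who wants to spoof it or modify its execution flow?",
        "Can it reach a more sensitive system (control, partner, backend)?",
        "Is it okay if this process gets shut down?",
    ],
    "actor": [
        "Who wants to spoof the user, and what could they see or write?",
        "Is the user interested in denying his/her actions?",
        "Is the user on trusted equipment? (malware)",
    ],
    "dataflow": [
        "Who wants to intercept it? (secret information, credentials)",
        "Who wants to modify it? (transactions)",
        "Can it let bad data in, or feed sensitive data out?",
    ],
}

# Constructed PLCM elements: two client populations, the web application,
# two regulated databases and the insurer's system behind its own boundary.
ELEMENTS = {e.name: e for e in [
    Element("patient", "actor", "internet"),
    Element("cabinet", "actor", "cabinet_lan"),
    Element("web_app", "process", "hosting"),
    Element("patients_db", "datastore", "hosting", regulated=True),
    Element("passwords_db", "datastore", "hosting", regulated=True),
    Element("insurer_system", "process", "insurer"),
]}

FLOWS = [
    Flow("patient", "web_app", "credentials, bookings, survey answers"),
    Flow("cabinet", "web_app", "credentials, appointment changes"),
    Flow("web_app", "patient", "free slots, confirmations, error messages"),
    Flow("web_app", "cabinet", "pre-diagnostic data, urgent cases"),
    Flow("web_app", "patients_db", "patient records"),
    Flow("web_app", "passwords_db", "credential verification"),
    Flow("web_app", "insurer_system", "monthly anonymised statistics"),
]


def crosses_boundary(flow, elements=ELEMENTS):
    """A flow crosses a trust boundary when its endpoints sit in different zones."""
    return elements[flow.src].zone != elements[flow.dst].zone


def injection_flows(flows=FLOWS, elements=ELEMENTS, trusted_zone="hosting"):
    """Boundary-crossing flows bringing outside data into the trusted zone
    (slide 66: 'malicious data injection flows'): validate input there."""
    return [f for f in flows
            if crosses_boundary(f, elements) and elements[f.dst].zone == trusted_zone]


def disclosure_flows(flows=FLOWS, elements=ELEMENTS, trusted_zone="hosting"):
    """Boundary-crossing flows carrying data out of the trusted zone
    (slide 66: 'disclosure flows'): watch error handling and output encoding."""
    return [f for f in flows
            if crosses_boundary(f, elements) and elements[f.src].zone == trusted_zone]


def regulated_assets(elements=ELEMENTS):
    """Datastores flagged as under regulation/compliance control."""
    return sorted(e.name for e in elements.values() if e.regulated)


def review_checklist(elements=ELEMENTS, flows=FLOWS):
    """Map every element, and every boundary-crossing flow, to the questions to ask about it."""
    checklist = {e.name: list(QUESTIONS[e.kind]) for e in elements.values()}
    for f in flows:
        if crosses_boundary(f, elements):
            checklist[f"{f.src} -> {f.dst} ({f.carries})"] = list(QUESTIONS["dataflow"])
    return checklist


if __name__ == "__main__":
    for subject, questions in review_checklist().items():
        print(subject)
        for q in questions:
            print("   -", q)
    print("injection flows :", [(f.src, f.dst) for f in injection_flows()])
    print("disclosure flows:", [(f.src, f.dst) for f in disclosure_flows()])
    print("regulated assets:", regulated_assets())
```

With this constructed diagram the model reproduces the deck's own count of 2 injection flows and 3 disclosure flows; the "loop once again" step of slide 64 is simply re-running the checklist after the elements or zones have been corrected.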
68. Threat modeling process
1. Describe the system and its assets
2. Identify the threat sources
3. Identify doomsday scenarios
4. Identify measures/security controls
5. Document all previous outputs.
6. Transmit the threat model.
69. 2. Threat sources analysis
• Use a threat source enumeration
– Should be provided by corporate.
– By an expert, if no corporate view available.
– Enumeration should indicate:
• source + likelihood/intensity
• Evaluate the exposure to the threat source:
– How easily can the threat source reach the system?
70. 2. Generic threat sources
Type           Source                               Intensity  Exposure  Comment
Opportunistic  Automated threat sources (worms..)   High
               Automated hands (hackers w/ tools)   High
               Compliance / Law                     Medium
               Competition                          Low
               “Anonymous”                          Low
Targeted       Insiders                             Low
               Industrial / State espionage         Low
71. 2. Doctor’s threat sources
Type           Source                           Intensity  Exposure  Comment
Opportunistic  Malware-infected client systems  High
               Kids                             High
               Other cabinet                    Low
               “Anonymous”                      Low
Targeted       Cheating patients                Low
               Industrial espionage             Low
               Compliance regulation            Low
72. 2. Doctor’s threat sources
Type           Source                           Intensity  Exposure  Comment
Opportunistic  Malware-infected client systems  High       High      Internet system
               Kids                             High       High      Internet system
               Other cabinet                    Low        High      Internet system
               “Anonymous”                      Low        High      Internet system
Targeted       Cheating patients                Low        High      Internet system
               Industrial espionage             Low        High      Internet system
               Compliance regulation            Low        Medium    Private + Patient data
73. Threat modeling process
1. Describe the system and its assets
2. Identify the threat sources
3. Identify doomsday scenarios
4. Identify measures/security controls
5. Document all previous outputs.
6. Transmit the threat model.
74. 3. Doomsday scenarios
• Some help: (Apply these to each threat source)
– Wants to steal your data? To sell it?
– Wants to modify your data?
– Wants to get access to your internal network?
– Wants to get access to another network through yours?
– Wants to stop/disturb your activity?
– Wants to deny his/her actions?
– Wants to avoid payment?
– Wants to withdraw money?
– Wants to damage your reputation?
75. 3. Doomsday scenarios
• Some help: (Apply these to each threat source)
– What about someone using an automated tool?
– What about self-propagating malware?
76. 3. Doomsday scenarios
• Describe the scenario:
– Who will trigger the scenario? (threat source)
• What is the intensity and exposure?
– What will be the impact?
• Theft? Loss? Corruption? Disruption? Money?
• Legal? Reputation? Productivity? Health?
– How will the scenario be realized?
• Describe how the attack is performed
77. 3. Doomsday scenarios
Description: The patients’ identities database gets stolen
Description: The passwords database gets broadcasted
Description: Patients cheat by replacing others’ appointments with theirs
Description: The insurance company gets under attack by our own server
Description: A cabinet’s credentials get stolen by a third party
Description: …
Description: …
78. 3. Doomsday scenarios
Description: The patients’ identities database gets stolen
Source(s): Other cabinet or some sort of espionage (intensity: low; exposure: elevated)
Impact: Financial: probably loss of revenue if another cabinet. Reputation: fatal if someone gets to know it…
Attack tree #1: The data is obtained through a code injection:
– an input parameter is not properly validated
– a DB code injection is performed on the parameter
– the data is returned to the attacker (either inline, or through a file created on the system)
79. 3. Doomsday scenarios
Attack tree #2: The data is obtained from within the hosting network:
– The attacker gets into the system
– The attacker copies the files on an external media or sends them
– The data can be read natively
Attack tree #3: The attacker gets access to the cabinet account:
– The password is guessed or bruteforced
– The password is intercepted on the wire
– The password is intercepted on the cabinet’s system
• Repeat with the other scenarios…
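Once each scenario carries a source (with its intensity and exposure from the threat-source table) and an impact, the R = p × i formula of slide 25 gives a repeatable way to rank them and to draw the "acceptable level" line of slide 11. The block below is an added example, not the author's: the scenario descriptions are the deck's, the ratings of the first scenario follow slide 78, and the rule for combining intensity and exposure into p as well as the ratings of the other scenarios are constructed for illustration.

```python
# Added example: the deck's doomsday scenarios as records, ranked with R = p x i
# (slide 25). The ordinal scale, the rule combining intensity and exposure into p,
# and all ratings except those of the first scenario (slide 78) are constructed.
from dataclasses import dataclass

LEVEL = {"low": 1, "medium": 2, "high": 3}   # ordinal scale; "elevated" is read as high


@dataclass(frozen=True)
class Scenario:
    description: str
    source: str
    intensity: str   # how capable and motivated the threat source is
    exposure: str    # how easily the source reaches the system
    impact: str      # worst credible consequence for the cabinet

    def likelihood(self):
        """p: intensity combined with exposure, 1 (low/low) to 9 (high/high). Constructed rule."""
        return LEVEL[self.intensity] * LEVEL[self.exposure]

    def risk(self):
        """R = p x i, as on slide 25."""
        return self.likelihood() * LEVEL[self.impact]


# Descriptions from slide 77. First scenario rated per slide 78; the rest constructed.
SCENARIOS = [
    Scenario("The patients' identities database gets stolen",
             "Other cabinet or espionage", "low", "high", "high"),
    Scenario("The passwords database gets broadcasted",
             "\"Anonymous\"", "low", "high", "high"),
    Scenario("Patients cheat by replacing others' appointments with theirs",
             "Cheating patients", "low", "high", "low"),
    Scenario("The insurance company gets under attack by our own server",
             "Kids (hackers with tools)", "high", "high", "high"),
    Scenario("A cabinet's credentials get stolen by a third party",
             "Malware-infected client systems", "high", "high", "medium"),
]


def prioritise(scenarios=SCENARIOS):
    """Highest risk first; ties broken alphabetically so the order is repeatable."""
    return sorted(scenarios, key=lambda s: (-s.risk(), s.description))


def needs_treatment(scenarios=SCENARIOS, acceptable=9):
    """Scenarios above the acceptable risk level: where the effort goes first (slide 11)."""
    return [s for s in scenarios if s.risk() > acceptable]


def risk_table(scenarios=SCENARIOS):
    """One line per scenario, in priority order, for the threat model document (step 5)."""
    return [f"R={s.risk():2d} p={s.likelihood()} i={LEVEL[s.impact]}  {s.description}"
            for s in prioritise(scenarios)]


if __name__ == "__main__":
    print("\n".join(risk_table()))
    print(f"{len(needs_treatment())} scenario(s) above the acceptable level")
```

The multiplicative rule is only one possible choice: a risk matrix that is read off a table, or one that takes the higher of intensity and exposure, gives different orderings, which is why the enumeration and its scale should come from a corporate or expert view (slide 69) rather than be improvised per project.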
80. 3. Doomsday scenarios: Attack trees
Attack tree #1: The data is obtained through a code injection:
– an input parameter is not properly validated
– a DB code injection is performed on the parameter
– the data is returned to the attacker (either inline, or through a file created on the system)
Tree:
Patient database is stolen
  ← Code injection
      ← Vulnerable parameter
81. 3. Doomsday scenarios: Attack trees
Attack tree #2: The data is obtained from within the hosting network:
– The attacker gets into the system
– The attacker copies the files on an external media or sends them
– The data can be read natively
Tree (trees #1 and #2 combined):
Patient database is stolen
  ← Code injection
      ← Vulnerable parameter
  ← Local stealing
      ← Local intrusion
          ← Simple password
          ← Known local password
          ← Network sniffing
          ← Physical intrusion
82. 3. Doomsday scenarios: Attack trees
Attack tree #3: The attacker gets access to the cabinet account:
– The password is guessed or bruteforced
– The password is intercepted on the wire
– The password is intercepted on the cabinet’s system
Tree (trees #1, #2 and #3 combined):
Patient database is stolen
  ← Code injection
      ← Vulnerable parameter
  ← Local stealing
      ← Local intrusion
          ← Simple password
          ← Known local password
          ← Network sniffing
          ← Physical intrusion
  ← Stolen cabinet password
      ← Stolen credentials
          ← Traffic interception
          ← Malware
          ← Hacked email
      ← Bruteforced or Guessed
          ← Bruteforce attack
              ← Weak password
83. 3. Doomsday scenarios: Attack tree for scenario #1
Patient database is stolen
  ← Code injection
      ← Vulnerable parameter
  ← Local stealing
      ← Local intrusion
          ← Simple password
          ← Known local password
          ← Network sniffing
          ← Physical intrusion
  ← Got cabinet password
      ← Stolen credentials
          ← Traffic interception
          ← Malware
          ← Hacked email
      ← Bruteforced or Guessed
          ← Bruteforce attack
              ← Weak password
84. Threat modeling process
1. Describe the system and its assets
2. Identify the threat sources
3. Identify doomsday scenarios
4. Identify measures/security controls
5. Document all previous outputs.
6. Transmit the threat model.
85. 4. Identify security controls: Attack tree for scenario #1
Countermeasures analysis
Patient database is stolen
  ← Code injection
      ← Vulnerable parameter
  ← Local stealing
      ← Local intrusion
          ← Simple password
          ← Known local password
          ← Network sniffing
          ← Physical intrusion
  ← Got cabinet password
      ← Stolen credentials
          ← Traffic interception
          ← Malware
          ← Hacked email
      ← Bruteforced or Guessed
          ← Bruteforce attack
              ← Weak password
86. 4. Identify security controls – Attack tree for scenario #1
Countermeasures:
- ???
87. 4. Identify security controls – Attack tree for scenario #1
Countermeasures:
- Use validation in all data entry points
88. 4. Identify security controls – Attack tree for scenario #1
Countermeasures:
- Use validation in all data entry points
- ???
90. 4. Identify security controls – Attack tree for scenario #1
Countermeasures:
- Use validation in all data entry points
- Require authenticated physical access to server
91. 4. Identify security controls – Attack tree for scenario #1
Countermeasures:
- Use validation in all data entry points
- Require authenticated physical access to server
- ???
92. 4. Identify security controls – Attack tree for scenario #1
Countermeasures:
- Use validation in all data entry points
- Require authenticated physical access to server
- Require complex passwords
93. 4. Identify security controls – Attack tree for scenario #1
Countermeasures:
- Use validation in all data entry points
- Require authenticated physical access to server
- Require complex passwords
- Use SSL/TLS
95. 4. Identify security controls – Attack tree for scenario #1
Countermeasures:
- Use validation in all data entry points
- Require authenticated physical access to server
- Require complex passwords
- Use SSL/TLS
Remaining branch of the tree (attack tree #3):
- Patient database is stolen
  - Got cabinet password
    - Stolen credentials
      - Traffic interception
      - Malware
      - Hacked email
    - Bruteforced or Guessed
      - Weak password
      - Bruteforce attack
97. 4. Identify security controls
Patient database is stolen
Attack tree #1 countermeasures:
- Use validation in all data entry points
Attack tree #2 countermeasures:
- Require authenticated physical access to server
- Require complex passwords
- Use SSL/TLS
Attack tree #3 countermeasures:
- Require complex passwords
- Implement account temporary auto-lockout mechanism
- Use strong authentication for the cabinet accounts
- Don’t send password by email
- Force password reset link expiration after X minutes
98. 4. Identify security controls
Attack tree #3 countermeasures:
- Require complex passwords
- Implement account temporary auto-lockout mechanism
- Use strong authentication for the cabinet accounts
- Don’t send password by email
- Force password reset link expiration after X minutes
Attack tree #... countermeasures:
- …
Attack tree #... countermeasures:
- …
Attack tree #... countermeasures:
- …
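As an added example that is not part of the talk, the scenario #1 attack trees (slides 81-83) and the countermeasures of slides 97-98 expressed as a small Python model: the tree shape and the node each countermeasure is attached to are assumptions read off the slide layout, and uncovered_leaves() returns the leaves that no control yet interrupts, which is what the "???" placeholders on slides 86-91 stand for.

```python
# Attack tree of the case study as an OR-tree (any child realises its parent). Node names
# come from the slides; the tree shape and where each countermeasure attaches are assumptions.
class Node:
    def __init__(self, name, children=(), controls=()):
        self.name = name
        self.children = list(children)
        self.controls = list(controls)  # countermeasures applied at this node

    def uncovered_paths(self, path=()):
        """Root-to-leaf attack paths that no countermeasure interrupts."""
        here = path + (self.name,)
        if self.controls:  # a control anywhere on a path blocks that path
            return []
        if not self.children:
            return [here]
        return [p for c in self.children for p in c.uncovered_paths(here)]

def walk(node):
    yield node  # every node of the tree, depth first
    for child in node.children:
        yield from walk(child)

def scenario_1_tree():
    """'Patient database is stolen' with attack trees #1, #2 and #3 of the slides."""
    tree1 = Node("Code injection", [Node("Vulnerable parameter")])
    local_pw = Node("Known local password", [Node("Simple password"), Node("Network sniffing")])
    tree2 = Node("Local stealing", [Node("Local intrusion", [Node("Physical intrusion"), local_pw])])
    stolen = Node("Stolen credentials", [Node("Traffic interception"), Node("Malware"), Node("Hacked email")])
    guessed = Node("Bruteforced or guessed", [Node("Weak password"), Node("Bruteforce attack")])
    tree3 = Node("Got cabinet password", [stolen, guessed])
    return Node("Patient database is stolen", [tree1, tree2, tree3])

SLIDE_93_CONTROLS = {  # trees #1 and #2, as introduced on slides 87-93
    "Vulnerable parameter": ["Use validation in all data entry points"],
    "Physical intrusion": ["Require authenticated physical access to server"],
    "Simple password": ["Require complex passwords"],
    "Network sniffing": ["Use SSL/TLS"],
}
SLIDE_97_CONTROLS = {  # tree #3, as listed on slide 97
    "Weak password": ["Require complex passwords"],
    "Bruteforce attack": ["Implement account temporary auto-lockout mechanism"],
    "Stolen credentials": ["Use strong authentication for the cabinet accounts"],
    "Hacked email": ["Don't send password by email", "Force password reset link expiration after X minutes"],
}

def apply_controls(root, mapping):
    """Attach countermeasures to the named nodes; a misspelt name raises KeyError."""
    index = {node.name: node for node in walk(root)}
    for name, controls in mapping.items():
        index[name].controls.extend(controls)
    return root

def uncovered_leaves(root):
    """Leaves still reachable with no control on their path: the '???' on the slides."""
    return sorted(path[-1] for path in root.uncovered_paths())
```

After the slide 93 controls only the cabinet-password branch remains uncovered; after the slide 97 controls every path is interrupted.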
99. Threat modeling process
1. Describe the system and its assets
2. Identify the threat sources
3. Identify doomsday scenarios
4. Identify measures/security controls
5. Document all previous outputs.
6. Transmit the threat model.
100. Documenting the threat model
• Proposition:
1. Context
2. System description
3. Threat sources
4. Doomsday scenarios
5. Proposed controls
6. Action list
101. Threat modeling process
1. Describe the system and its assets
2. Identify the threat sources
3. Identify doomsday scenarios
4. Identify measures/security controls
5. Document all previous outputs.
6. Transmit the threat model.
102. 6. Transmit the threat model
• We cannot just “write and throw out” a security document.
• Recipients often won’t understand it.
• To increase adoption:
– Present the results to the audience, in person.
– Discuss the countermeasures: cost vs. impact
103. 6. Transmit the threat model
• To increase adoption:
– Complete the threat model with a proposed action list that you know is acceptable.
– Don’t ask too much: maintain the view on the global system.
104. 6. Transmit the threat model
• Typical clients:
– The architects: they should integrate the proposition to update the design.
– The developers: they usually benefit from the model transparently, through the updated specification.
– The security testing team: they now know precisely what to test!
– The software vendor: if you are acquiring software, you can add the threat model to the software acceptance procedure.
105. Going further…
• Attacker centric:
– All threat sources identified: their skills and attacks are described.
• Asset centric:
– Assets are identified and sorted by value. Typical threats are enumerated in the form of “doomsday scenarios”.
• System centric:
– Systematic application of the STRIDE + standard threats model on each component of the system and full enumeration of all countermeasures.
106. Going further…
• Variable abstraction-level DFDs:
– Do you trust the server? The application server? The web server? The calling class? The calling web service?
• Systematic DFD threat analysis:
– Systematic STRIDE model
• Security posture:
– Compliance
– Defense (what we did)
– Detection
– Countermeasures
107. Going further… Injection points
108. Going further… Infection points
109. Going further… Disclosure points
110. Going further… Encryption points
114. Agenda
• Context & motivations
• Case study: OPMC/PLCM
• Conclusion & perspectives
115. Conclusion
• TAM is an opportunity for early risk treatment:
– No source code required!
– Broad availability of common threats and countermeasures
– Look at the history: most scenarios are already known
• TAM is an opportunity for better design:
– The final action list can be given to an architect and considered an intimate part of the requirements specification.
116. Conclusion
• TAM is also an opportunity for losing focus:
– Always keep the big picture in mind: who are we protecting from and why?
– Be simple, stay small.
117. Next at Confoo:
• Today:
– DIY incident response
• Tomorrow:
– Les navigateurs au service de vos applications
– Performing security audits
– Web security and you
– Sécurité et Ruby on Rails
• Friday:
– Crypto 1o1 pour les programmeurs
– Web application security trends
– Microsoft Security Development lifecycle
– Trouvez la faille / Spot the flaw!
118. Meet the OWASP@confoo
France: Sébastien (@spoint)
Switzerland: Antonio (@starbuck3000)
Canada: Philippe (@securesymfony), Jonathan (@jonathanmarcil)
120. Thank you!
For any contact/question/slides request/inquiry/complaint/love letter/thank you:
email: antonio.fontes@owasp.org
twitter: @starbuck3000
In French:
Newsletter “Cybermenaces et sécurité Internet” (cyber threats and Internet security):
http://cddb.ch
122. Cheatsheets – Full TM process
1. Describe the context
2. Describe the system:
– Output: business objective + DFDs + high-value assets
3. Identify threat sources
– Output: threat exposures
4. Choose/Identify doomsday scenarios
– Output: attack trees
5. Identify (counter)measures
– Output: list of controls for each attack tree
6. Create the action list
– Output: list of actions, sorted by:
• Compliance requirements
• High priority items (low cost/high impact)
• Other actions
7. Document & transmit!
123. Cheatsheets – Flow & Boundary
Trust boundary: Process boundary, File system, Network, …
Dataflow: Call, Network link, Data dumps, RPC
Checkpoints:
- Protect the traffic if it allows:
  - Credentials
  - Private/Patient/Financial data
  - Other confidential information
- Can you trust the admins?
  - If no, what are the potential threats?
- Will people sniff traffic there?
  - If yes, protect the link.
- Are there “enemy” hosts in the same trust zone?
  - If yes, what are the potential threats?
124. Cheatsheets - Entity
External entity: User, other system, Partner/supplier…
Checkpoints:
- Do you need strong authentication?
- Can this entity conduct transactions?
- Can this entity access high privileges?
- Is the entity connecting from insecure or untrusted client equipment?
- Is the entity connecting from a multi-user system?
- Is data being stored at that entity?
  - How do you protect it from tampering?
  - How do you protect it from 3rd party access?
125. Cheatsheets - Process
Process: Service, Web service, Executable, Assembly, DLL, Component, …
Checkpoints:
- Is the process returning data outside?
  - Can system/error details be disclosed?
  - How would you detect leaking data?
  - Confidential data?
  - How do you protect against client-side attacks?
- Is the process accepting data from outside the secure boundary?
  - Validate everything that comes in.
  - Verify that you validate everything.
  - Ask a 3rd party to verify this.
- How do you authenticate this process?
  - Can someone imitate it?
  - How do you validate it?
- Can the process reach more sensitive systems?
  - A physical control system?
  - Another organization?
  - A backend/transactional system?
  - If yes, is it hosted on a secure system?
- Can this process be interrupted?
  - If no, how do you prevent this?
126. Cheatsheets - Datastore
Data store: Database server, Memory, Queue / stack, Config file, Registry, …
Checkpoints:
- Who wants that data?
- Will they hack for it? Or will they pay someone to retrieve it from inside?
- Is the storage protected from local access?
  - If no, what are the threats?
- Can you encrypt it?
  - If you encrypt it, where would the keys be?
- Is there some compliance or regulation that forces usage of encryption?
- Is the datastore located on a mobile system?
  - What if the storage medium gets stolen or lost?
127. Cheatsheets – human threat sources
Type | Source | Intensity | Exposure comment
Opportunistic | Automated threat sources (worms..) | High |
Opportunistic | Automated hands (hackers w/ tools) | High |
Targeted | Compliance / Law | Medium |
Targeted | Competition | Low-High |
Targeted | “Anonymous” | Low-High | Evaluate collateral dmg.
Targeted | Insiders | Low-High |
Targeted | Industrial / State espionage | Low-High? |
128. Cheatsheets – Doomsday scenarios
– Data X was stolen
• Credentials/Private data were disclosed
– Data X was modified
• Who can modify access control rules? Super admin password?
– Process P was spoofed to capture data X
– Code was injected in Process P to access deeper system
– Process P was interrupted, crashed or slowed down
– User U denies his/her actions
– User U was able to avoid payment
– User U was able to withdraw/redirect money
– A secret was intercepted by a guy sniffing the network
– A highly sensitive user password was stolen on his infected phone
– A connection link is saturated
– A process or datastore is saturated by creating cumulative elements of X
129. Things you want to remember