Threat modeling Web Applications

Document directory
  • Method
  • Getting started
  • What is threat modeling?
  • Why use threat modeling?
  • Terms
  • Main Concepts
  • Web Application Security Framework
  • Tool Integration

This guide contains the following modules:

  • Overview of Web application threat models
  • How to: create a threat model for Web applications during design
  • Cheat Sheet: Web Application Security Framework
  • Walkthrough: create a threat model for a Web application
  • Template: Web application threat model
  • Template example: Web application threat model

Method

Figure 1 shows the five major steps of threat modeling. Steps 2 through 5 are repeated to gradually refine the threat model. As the application development cycle advances, you learn more about the application design and can add more detail.

Figure 1. Iterative threat modeling process

The five threat modeling steps are:

  • Step 1: Identify security objectives. Clear objectives help you focus the threat modeling activity and determine how much effort to spend on subsequent steps.
  • Step 2: Create an application overview. Itemizing the application's important characteristics and actors helps you identify relevant threats in step 4.
  • Step 3: Decompose the application. A detailed understanding of the mechanics of the application makes it easier to uncover more relevant and more detailed threats.
  • Step 4: Identify threats. Use the details from steps 2 and 3 to identify threats relevant to your application scenario and context.
  • Step 5: Identify vulnerabilities. Review the layers of the application to identify weaknesses related to the threats. Use the vulnerability categories to help you focus on the areas where mistakes are most often made.

Getting started

Table 1 lists common usage scenarios and the resources to use in each.

Table 1: Scenarios and related resources

  • New to threat modeling: "Overview of Web application threat models"; "How to: create a threat model for Web applications during design"
  • Quick start: "How to: create a threat model for Web applications during design"
  • Preparing to perform threat modeling: "Walkthrough: create a threat model for a Web application"
  • A template or example is needed: "Template: Web application threat model"; "Template example: Web application threat model"
  • A reference is needed to help identify threats and vulnerabilities: "Cheat Sheet: Web Application Security Framework"

What is threat modeling?

Threat modeling is an engineering technique you can use to help identify threats, attacks, vulnerabilities, and countermeasures in the context of your application scenario. Threat modeling activities help you:

  • Identify security objectives.
  • Identify relevant threats.
  • Identify relevant vulnerabilities and countermeasures.

Why use threat modeling?

Threat modeling:

  • Helps the application design meet your security objectives.
  • Helps you weigh major engineering decisions.
  • Reduces the risk of security issues arising during development and operations.

Terms

Threat modeling uses the following terms:

Asset. An asset is a resource of value. It varies by perspective. For an enterprise, an asset may be the availability of information, or the information itself, such as customer data. It may also be intangible, such as the company's reputation. Attackers may abuse your application to gain illegitimate access to data or to perform privileged operations.

Threat. A threat is an undesired event. It is a potential occurrence, usually best described as an effect that might damage an asset or objective or compromise its security. It may be malicious or non-malicious in nature.

Vulnerability. A vulnerability is a weakness in some aspect or feature of a system that makes an exploit possible. Vulnerabilities can exist at the network, host, or application level and include operational practices.

Attack (or exploit). An attack is an action taken that uses one or more vulnerabilities to realize a threat. It may be someone following through on a threat or exploiting a vulnerability.

Countermeasure. Countermeasures address vulnerabilities to reduce the probability of attacks or the impact of threats. They do not directly address threats; instead, they address the factors that define the threats. Countermeasures range from improving the application design, to improving the code, to improving an operational practice.

Main Concepts

The patterns & practices threat modeling approach has been optimized to help you identify vulnerabilities in the context of your application scenario. In this way, you can quickly determine what you know, what you do not know, and what you need to learn next. Security objectives help you scope the effort and limit your investment.

The pattern-based approach lets you organize vulnerabilities in a more systematic and repeatable manner. It also helps you take advantage of common knowledge and avoid duplicated effort.

The type of application you are building (its scenario and context) is an important aspect of relevance. For example, the vulnerabilities of an Internet-facing Web application may differ from those of a reusable component in an intranet-facing business application.

Table 2 summarizes the main concepts related to the threat modeling method.

Table 2: Main Concepts

Modeling to reduce risk. Threat modeling is performed to determine where to invest more effort. There are many vulnerabilities, threats, and attacks; your application is unlikely to face all of them, and your company is unlikely to need to address all of them. Threat modeling helps you determine where your organization needs to focus.

Incremental rendering. Threat modeling is performed iteratively. You do not need to worry about missing details in any single iteration; make each iteration productive. You will repeatedly:
  • Add detail to the model as you learn about new environmental issues.
  • Expose new issues as design and implementation decisions are made during development.
  • Add detail as the usage and configuration of the application become clear over its life cycle (including when it is put into production and maintained by the operations team).
  • Present the information currently available to you, and clarify what you know now and what you need to learn next.

Context precision. Context precision provides relevance. It means being specific about the context, application type, and application scenario so that the information is more relevant. Because different application types, usages, and roles give rise to different threats and vulnerabilities, you need to consider your application's use cases and roles to identify real threats and actual vulnerabilities.

Boundaries. Creating boundaries helps define constraints and goals. Boundaries help you determine what must not happen, what must happen, and what is nice to have.

Entry and exit criteria. By defining entry and exit criteria, you establish tests for success, know when the threat model is complete (good enough), and ensure that the time spent on the activity is appropriate.

Communication and collaboration tool. Your threat model is a communication and collaboration tool that should be used to improve knowledge sharing and understanding. Threat modeling focuses effort and decision-making across design, development, testing, operations, and business. By documenting threats and vulnerabilities (even those already resolved), you help everyone understand them and avoid accidentally skipping steps.

Pattern-based information model. By using a pattern-based information model, you can identify the patterns of repeatable problems and solutions and organize them into categories. You can then use these categories to decompose the application for further analysis and to identify vulnerabilities in each category. Organizing vulnerabilities this way lets you identify and address them more systematically and take advantage of common knowledge; in short, you do not have to start from scratch or become an expert on every issue. Categories also facilitate information reuse and effective communication: you can use these pattern-based categories to organize and share principles and practices.

Key engineering decisions. A good model highlights your high-risk engineering decisions and design choices. These high-risk choices are good candidates for focusing prototyping efforts.

Web Application Security Framework

The Web Application Security Framework defines a set of vulnerability categories for Web applications. These categories are the areas where mistakes are most commonly made and indicate where attention is most important.

The categories defined by the Web Application Security Framework were derived by security experts who examined and analyzed the top security issues across many Web applications. They have been refined with feedback from Microsoft consultants, product support engineers, customers, and Microsoft partners.

Table 3 summarizes the categories in the Web Application Security Framework.

Table 3: Web Application Security Framework

Input and data validation. How do you know that the input your application receives is valid and safe? Input validation refers to how your application filters, scrubs, or rejects input before additional processing.

Authentication. Who are you? Authentication is the process whereby one entity proves its identity to another, typically through credentials such as a user name and password.

Authorization. What can you do? Authorization is how your application provides access control for resources and operations.

Configuration management. Who does your application run as? Which databases does it connect to? How is your application administered? How are these settings secured? Configuration management refers to how your application handles these operational issues.

Sensitive data. How does your application handle sensitive data? Sensitive data refers to how your application handles any data that must be protected, whether in memory, over the network, or in persistent storage.

Session management. How does your application handle and protect user sessions? A session is a series of related interactions between a user and your Web application.

Cryptography. How are you keeping secrets (confidentiality)? How are you preventing others from tampering with your data or database (integrity)? How are you providing seeds for random values that must be cryptographically strong? Cryptography refers to how your application enforces confidentiality and integrity.

Parameter manipulation. How does your application handle parameter values? Form fields, query string parameters, and cookie values are frequently used as parameters. Parameter manipulation refers to both how your application safeguards these values from tampering and how it processes input parameters.

Exception management. What does your application do when a method call fails? How much does it reveal? Does it return friendly error information to end users? Does it pass valuable exception information back to the caller? Does your application fail gracefully?

Auditing and logging. Who did what and when? Auditing and logging refers to how your application records security-related events.

You can use this framework to help identify threats and vulnerabilities. During threat identification, use it to surface the common threats relevant to your application architecture. To identify vulnerabilities, examine the application layer by layer in the same way, considering each vulnerability category within each layer.
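The layer-by-layer review above, together with the entry and exit criteria from Table 2, can be made concrete as a small script that a team runs against its threat-model document. The following is an added example, not code from the original guide or from patterns & practices. It records each threat-model entry as one cell of the framework grid (layer x category), lists the cells that no entry has touched, lists threats whose vulnerabilities still have no countermeasure, and evaluates an exit criterion from those two facts. The three layers (presentation, business, data), the Threat class, and the sample entries are assumptions constructed for this example; the article itself only says to examine the application "layer by layer".

```python
"""Coverage and exit-criteria check for a Web Application Security Framework
threat model (added example; not code from the original article)."""
from dataclasses import dataclass, field
from itertools import product

# The ten vulnerability categories of Table 3.
CATEGORIES = (
    "Input and data validation", "Authentication", "Authorization",
    "Configuration management", "Sensitive data", "Session management",
    "Cryptography", "Parameter manipulation", "Exception management",
    "Auditing and logging",
)

# Assumed application layers (constructed for this example; the article only
# says to examine the application "layer by layer").
LAYERS = ("presentation", "business", "data")


@dataclass
class Threat:
    """One threat-model entry: the threat, the layer/category cell it belongs
    to, the vulnerabilities that make it possible, and the countermeasures."""
    name: str
    category: str
    layer: str
    vulnerabilities: list = field(default_factory=list)
    countermeasures: list = field(default_factory=list)

    def __post_init__(self):
        # Reject entries that do not map onto the framework grid.
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown category: {self.category!r}")
        if self.layer not in LAYERS:
            raise ValueError(f"unknown layer: {self.layer!r}")


def uncovered_cells(threats):
    """(layer, category) cells that no threat entry touches.

    Each empty cell is either a deliberate 'not applicable' decision or a
    review gap, so the list is the starting point for the next iteration."""
    seen = {(t.layer, t.category) for t in threats}
    return [cell for cell in product(LAYERS, CATEGORIES) if cell not in seen]


def unmitigated(threats):
    """Names of threats with recorded vulnerabilities but no countermeasure."""
    return [t.name for t in threats if t.vulnerabilities and not t.countermeasures]


def exit_criteria_met(threats, accepted_gaps=()):
    """Exit criterion in the sense of Table 2: every grid cell is covered or
    explicitly accepted as a gap, and every vulnerability has a countermeasure."""
    open_gaps = set(uncovered_cells(threats)) - set(accepted_gaps)
    return not open_gaps and not unmitigated(threats)


def report(threats, accepted_gaps=()):
    """Plain-text summary a team can paste into the threat-model document."""
    lines = [f"{len(threats)} threat entries over {len(LAYERS)} layers x "
             f"{len(CATEGORIES)} categories"]
    lines.append(f"{len(uncovered_cells(threats))} uncovered cells")
    for layer, category in uncovered_cells(threats):
        lines.append(f"  gap: {layer} / {category}")
    for name in unmitigated(threats):
        lines.append(f"  no countermeasure: {name}")
    status = "met" if exit_criteria_met(threats, accepted_gaps) else "not met"
    lines.append(f"exit criteria {status}")
    return "\n".join(lines)


# Constructed sample model for a small login-plus-reports application.
SAMPLE_THREATS = [
    Threat("Malformed search string reaches the query layer",
           "Input and data validation", "presentation",
           ["search field not checked for length or character set"],
           ["validate length, range and format on the server"]),
    Threat("Password guessing against the login form",
           "Authentication", "presentation",
           ["no throttling or lockout on failed logins"],
           ["throttle failed logins", "enforce strong password policy"]),
    Threat("Customer views another customer's report",
           "Authorization", "business",
           ["report id taken from the request without an ownership check"]),
    Threat("Session cookie replayed from an intercepted request",
           "Session management", "presentation",
           ["session cookie sent over plain HTTP"],
           ["require HTTPS", "mark cookie Secure and HttpOnly"]),
    Threat("Database connection string read from config file",
           "Configuration management", "data",
           ["connection string stored in plain text"],
           ["encrypt the configuration section", "restrict file permissions"]),
    Threat("Stack trace shown in the browser on failure",
           "Exception management", "business",
           ["unhandled exception details returned to the client"],
           ["generic error page", "log details server-side only"]),
]

if __name__ == "__main__":
    print(report(SAMPLE_THREATS))
```

Running the script prints the gap list for the next iteration. A cell that the team has reviewed and judged not applicable is passed in accepted_gaps, so the exit criterion distinguishes a documented decision from an omission, which is the point of recording threats and vulnerabilities even after they are resolved.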

Tool Integration

Threat modeling and other security engineering activities can be supported by design and development tools. The patterns & practices threat modeling approach is supported by the following tool integration:

  • Visual Studio Team System integration. The patterns & practices threat modeling approach is integrated into Microsoft Visual Studio Team System through the MSF Agile software development process. For more information, see the MSF process guidance or visit the MSF Web site.
