Once the possible impact is identified, options for addressing the risk include: The risk mitigation strategy might involve evaluating these threats from the business impact they pose. Once a risk ranking is assigned to the threats in step 2, it is possible to sort threats from the highest to the lowest risk and prioritize mitigation efforts. Such countermeasures can be identified using threat-countermeasure mapping lists. ![]() Step 3: Determine Countermeasures and MitigationĪ vulnerability may be mitigated with the implementation of a countermeasure. The determination of the security risk for each threat can be made using a value-based risk model such as DREAD, or a less subjective qualitative risk model based upon general risk factors (e.g. Use and abuse cases can illustrate how existing protective measures could be bypassed, or where a lack of such protection exists. Common threat lists with examples can help in the identification of such threats. ![]() From the defensive perspective, ASF categorization helps to identify the threats as weaknesses of security controls for such threats. These threats can be classified further as the roots for threat trees there is one tree for each threat goal. DFDs produced in step 1 help to identify the potential threat targets from the attacker’s perspective, such as data sources, processes, data flows, and interactions with users. The goal of the threat categorization is to help identify threats both from the attacker (STRIDE) and the defensive perspective (ASF). A threat categorization such as STRIDE can be used, or the Application Security Frame (ASF) that defines threat categories such as Auditing & Logging, Authentication, Authorization, Configuration Management, Data Protection in Storage and Transit, Data Validation, and Exception Management. Step 2: Determine and Rank ThreatsĬritical to the identification of threats is using a threat categorization methodology. The DFDs show the different paths through the system, highlighting the privilege boundaries. It is also used to produce data flow diagrams (DFDs) for the application. This information is documented in a resulting Threat Model document. Identifying trust levels that represent the access rights that the application will grant to external entities.items or areas that the attacker would be interested in. Identifying entry points to see where a potential attacker could interact with the application.Creating use cases to understand how the application is used.The first step in the threat modeling process is concerned with gaining an understanding of the application and how it interacts with external entities. The resulting document is the threat model for the application. Each step is documented as it is carried out. The threat modeling process can be decomposed into three high level steps. Making threat modeling a core component of your SDLC can help increase product security. ![]() Threat modeling looks at a system from a potential attacker’s perspective, as opposed to a defender’s viewpoint. This document describes a structured approach to application threat modeling that enables you to identify, quantify, and address the security risks associated with an application. Determine Countermeasures and Mitigation.Step 3: Determine Countermeasures and Mitigation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |