Upgrade to Pro — share decks privately, control downloads, hide ads and more …

It's The Threat Model Silly

Akash Mahajan
May 31, 2017
Technology
0
260

It's The Threat Model Silly

In the modern world while developers focus on individual modules and features they think about security from the point of view of their code. Since applications and networks are pervasive now and always working, attackers are able to find and exploit gaps to gain an advantage.

This will be a journey into this and a way to initiate discussions on how threat modelling is an approach to getting to holistic security and defensible coding.

Presented at #INCLUDE @Go-Jek Bangalore on 31st May 2017

Akash Mahajan

May 31, 2017
Tweet

More Decks by Akash Mahajan

See All by Akash Mahajan
Getting Started with Cloud Native Security for Security Pros
makash
0
100
Secure Software Development For Cloud (AWS) Teams
makash
1
390
On Writing Well
makash
0
160
Minimum Viable Security for Startups
makash
1
79
Reliable Automated Cloud Native Security Operations
makash
0
180
Doing SecOps for the Cloud using CloudNative
makash
1
320
OSINT Techniques for Pwning FinTech
makash
1
320
Secrets In Our Clouds
makash
0
180
Application Security in the time of Containers
makash
0
71

Other Decks in Technology

See All in Technology
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
130
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
390
Platform Engineering for Software Developers and Architects
syntasso
1
520
Flutterによる 効率的なAndroid・iOS・Webアプリケーション開発の事例
recruitengineers
PRO
0
110
Engineer Career Talk
lycorp_recruit_jp
0
180
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940
組織成長を加速させるオンボーディングの取り組み
sudoakiy
2
180
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
160
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
410
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220

Featured

See All Featured
The Invisible Side of Design
smashingmag
298
50k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
Done Done
chrislema
181
16k
Designing the Hi-DPI Web
ddemaree
280
34k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Speed Design
sergeychernyshev
25
620
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
Making Projects Easy
brettharned
115
5.9k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
Navigating Team Friction
lara
183
14k
Testing 201, or: Great Expectations
jmmastey
38
7.1k

Transcript

  1. IT'S THE THREAT MODEL, SILLY! #INCLUDE | GO-JEK | MAY

    2017 AKASH MAHAJAN - DIRECTOR APPSECCO

  2. WHAT IS A THREAT MODEL? WHAT EXACTLY IS A THREAT

    MODEL?

  3. MODEL REAL MODEL REAL

  4. IN COMPUTER SECURITY A THREAT IS A POSSIBLE DANGER THAT

    MIGHT EXPLOIT A VULNERABILITY TO BREACH SECURITY AND THEREFORE CAUSE POSSIBLE HARM. From Wikipedia for Threat (Computer) CONTROL THREAT

  5. THREATS CAN BE INTENTIONAL ACCIDENTAL FIRES QUAKE STORM FLOOD

  6. AND SOMETIMES…

  7. THREAT MODELLING IS A CONCEPTUAL MODEL FOCUSSING ON DATA FLOW

    MODELLING Mostly from Wikipedia

  8. DATA FLOW DIAGRAMS CREATED WITH A FEW PRIMITIVES

  9. A GOOD WAY TO CONSUME DATA IS WITH LISTS

  10. IT’S THE THREAT MODEL, SILLY! FOR THREAT MODELLING WE LISTS

    THAT WE SHOULD HAVE ✓Assets ✓Endpoints ✓External Dependencies ✓Trust Levels ✓and Data Flow Diagrams

  11. ASSETS What is that we need to protect? IT’S THE

    THREAT MODEL, SILLY!

  12. ENDPOINTS What are the ways, someone will interact with the

    system? IT’S THE THREAT MODEL, SILLY!

  13. EXTERNAL DEPENDENCIES What does the system need to operate? IT’S

    THE THREAT MODEL, SILLY!

  14. TRUST LEVELS What are the varying degree of trust levels

    we will have as part of the interaction ? IT’S THE THREAT MODEL, SILLY!

  15. DATA FLOW DIAGRAMS What are the various ways data will

    flow in the system? IT’S THE THREAT MODEL, SILLY!

  16. THREAT MODELLING 101 - MAZAA EDITION

  17. None

  18. EVERYTHING THAT IS RELATED TO SECURITY DEFENCE HAS TO BE

    LOOKED AT FROM THE POINT OF VIEW OF A THREAT MODEL Our Assertion IT’S THE THREAT MODEL, SILLY!

  19. LETS LOOK AT SOME OF THE SECURITY CONTROLS FROM THE

    POINT OF VIEW OF THREAT MODELLING

  20. IT’S THE THREAT MODEL, SILLY! PASSWORDS ▸ Why do we

    want to store passwords in a non-reversible manner? ▸ Why do we want to use a per password salt? ▸ Why do we want to slow down the rate at which hashes can be calculated?

  21. IT’S THE THREAT MODEL, SILLY! CSRF TOKEN ▸ Why do

    we need a CSRF token? ▸ Why do we need to ensure that we can check for origin?

  22. IT’S THE THREAT MODEL, SILLY! SSL/TLS ▸ How does the

    browser know that it can trust the initial certificate from the server?

  23. IT’S THE THREAT MODEL, SILLY! SUB RESOURCE INTERGITY ▸ How

    does SRI help us stay safe?

  24. IT’S THE THREAT MODEL, SILLY! YOUR FAVOURITE CONTROL ▸ Lets

    add some questions about it, to understand the possible threat model it was created for

  25. CONTROL MOVIE THREAT REAL THREAT

  26. SOMETIMES SECURITY CONTROLS INTRODUCE NEW ATTACK SURFACE Heard of CertificateTransparency

    Logs? IT’S THE THREAT MODEL, SILLY!

  27. WITHOUT "CONTEXT" SECURITY CONTROLS WILL NOT DO WHAT WE "HOPE"

    THEY SHOULD DO It is essential that we understand the basic threat model for which a control was envisioned, designed and implemented IT’S THE THREAT MODEL, SILLY!

  28. IT’S THE THREAT MODEL, SILLY! AADHAAR ENABLED PAYMENT SYSTEMS +

    ONE TIME PASSWORDS ▸ Why does it pose problems? ▸ The things that the architects maybe didn’t think about ▸ Rouge merchants can modify apps in the mobile Point of sale to store fingerprints ▸ GSM and mobile networks can allow sniffing of SMS text messages

  29. IT’S THE THREAT MODEL, SILLY! FOR AND AGAINST AADHAAR Assets

    UIDAI can’t figure out what is worth stealing External dependency UIDAI feel that leakage of information is not at their end, so they are not responsible Trust Levels UIDAI believe that all bankers and telcos can be trusted with sensitive data Endpoints There is no easy way to figure out what is an official channel or private channel for sharing data

  30. SO IN A WAY BOTH THE POINT OF VIEWS ARE

    RIGHT

  31. IT’S THE THREAT MODEL, SILLY! SCOPE CREEP - HAPPENS TO

    ALL THINGS THAT WORK INCLUDING THE INTERNET •Otherwise all working systems are afflicted by scope creep. They are asked to take on functions that they were not designed for. Every such function adds • Assets worth stealing • Endpoints worth investigating • External dependencies that may be insecure • Trust levels that are not thoroughly vetted • And miss some of the data flows

  32. IT’S THE THREAT MODEL, SILLY!

  33. THAT APPLICATION SECURITY GUY

  34. None

  35. QUESTIONS @makash | https://linkd.in/webappsecguy | [email protected]