Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product.

Published byDeirdre George Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product."— Presentation transcript:

1 1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product Security Team Edward_Bonver@Symantec.com

2 Sample Agenda OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec 2 What? – Intro & Definitions 1 Who? When? How Often? 2 How? – Not Too Technical Details of the Process 3 A Few Extra Words of Advice 4 Tools 5

3 3 Defining Terms - What is a Threat? Simplest definition: "The adversary's goals, or what an adversary might try to do to a system" "Threat Modeling" == "Adversary's Goal Modeling" or "Modeling the Adversary's Goals“ Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

4 What’s Threat Modeling? Threat modeling is a process of assessing and documenting a system’s security risks Uncover security weaknesses and vulnerabilities Rank risks Come up with mitigations Understand your system better 4 OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

5 5 Protecting Your House OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

6 6 Thinking Like an Attacker Open Safe Pick Lock Learn Combo Cut Open Safe Install Improperly Find Written Combo Get Combo from Target Blackmail ThreatenEvesdrop Bribe Listen to Conversation Get Target to State Combo AND OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

7 Quality Assurance Questions: – When do your QA folks engage in a project? – QA team composition – Experience – Environment knowledge Understand your system better – Test plans & test cases – Requirements OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec 7

8 Security Requirements… 8 OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Security Requirements? Security Requirements! Security Requirements??? Requirements. Add(“…and System Must be Secure!”);

9 A Few Philosophical Thoughts… Threat modeling is like sushi 9 It’s a team activity (see next slide) OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

10 10 Roles – Who is Involved Architects and Developers QA Program Managers Product Managers Security Experts (Consultants) OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

11 11 ImplementingMonitoring Security Training Code Analysis Tools (Automation) Fuzz Tests Config Analysis Tools Security & Penetration Test Vulnerability Mgmt Security Goals and Planning Risk Assessment Best Practices Readiness Review Checkpoint Understanding Threat model OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec When to Threat Model?

12 Why Threat Models are Effective? ~50% of all vulnerabilities introduced during the architecture and design phase. Supported by Common Weakness Enumeration (CWE), from the field 12 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

13 13 Getting There 1.Draw Diagram 2.Analyze Model 3.Calculate Risk 4.Plan Mitigation OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

14 Draw Diagram 14 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

15 Analyze Model SS TT RR II DD Tampering Repudiation Information disclosure Denial of service Can an attacker gain access using a false identity? Can an attacker modify data as it flows through the application? If an attacker denies an exploit, can you prove him or her wrong? Can an attacker gain access to private or potentially injurious data? Can an attacker crash or reduce the availability of the system? EE Elevation of privilege Can an attacker assume the identity of a privileged user? Spoofing 15 OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

16 16 DFD shows possible Effects of Vulnerabilities STI DE TID TID TID TID TID TID SR SR External Entity Multi- Process Data Store Data flow OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

17 Common Vulnerability Scoring System (CVSSv2) A rating system that goes from 1-10. Use the National Vulnerability Database calculatorNational Vulnerability Database calculator 17 OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Calculate Risk

18 18 CVSSv2 Calculator Cutting Edge 2010-11: Threat Modeling at Symantec

19 Plan Mitigation 19 OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Easy enough CWE to the rescue

20 Unmitigated Threats Now what? 20 OWASP WWW, Irvine, CA, January 28, 2011

21 21 Dealing with Risk Reduce the Risk Transfer the Risk Accept the Risk Reject the Risk OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

22 22 Final Considerations Threat Modeling is an ongoing process Start small Revisit Threat Models Threat models are sensitive documents – Keep them in a safe location with limited team access OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

23 23 Documenting All Threats Threats always exist, live forever Vulnerabilities exist if there is an unmitigated path to realizing a threat Threat Asset Mitigation Vulnerability OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

24 24 Tools Microsoft SDL Threat Modeling Tool OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec

25 25 Tools Excel Digital Camera Microsoft Word (or Notepad) Good Revision System (CVS, Perforce, etc.)

26 OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec 26 Tools Elevation of Privilege Card Game

27 Thank you! OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec 27 Edward Bonver Principal Software Engineer, Symantec Product Security Team Edward_Bonver@Symantec.com

Download ppt "1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product."

Similar presentations

Sachin Rawat Crypsis SDL Threat Modeling.

Sachin Rawat Crypsis SDL Threat Modeling.
Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.

Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.
Copyright © 2005 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.
Bridging the gap between software developers and auditors.

Bridging the gap between software developers and auditors.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Engineering Secure Software. Uses of Risk Thus Far  Start with the functionality Use cases  abuse/misuse cases p(exploit), p(vulnerability)  Start.

Engineering Secure Software. Uses of Risk Thus Far  Start with the functionality Use cases  abuse/misuse cases p(exploit), p(vulnerability)  Start.
Guidelines and Tools for ADM

Guidelines and Tools for ADM
Cassio Goldschmidt May 13 th, 2009. Introduction 2.

Cassio Goldschmidt May 13 th, Introduction 2.
Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.

Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.
August 1, 2006 Software Security. August 1, 2006 Essential Facts Software Security != Security Features –Cryptography will not make you secure. –Application.

August 1, 2006 Software Security. August 1, 2006 Essential Facts Software Security != Security Features –Cryptography will not make you secure. –Application.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
THREAT MODELLING Kick start your application security with Threat Modelling.

THREAT MODELLING Kick start your application security with Threat Modelling.
Application Threat Modeling Workshop

Application Threat Modeling Workshop
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Architecting secure software systems

Architecting secure software systems
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.

Similar presentations

Ads by Google