Slide 1: Microsoft Australia Security Summit
Rocky Heckman, CISSP, MVP
Senior Consultant, Security and Monitoring, Readify

Slide 2: Microsoft Application Threat Modeling

Slide 3: Agenda
- Introduce Threat Modeling
- Traditional Application Security
- New ACE Application Security
- ACE Threat Modeling
- Threat Analysis & Modeling Tool
- Attack Libraries
Slide 4: Quotation
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." – Sun Tzu, The Art of War
Slide 5: Threat Modeling
- What are the threats?
- How do they happen?
- How do we fix them?

Slide 6: Why should I care?
- Over 70% of attacks happen through the application layer
- There are stirrings of legislation in the UK and the US that will make developers personally liable if their code leads to a security breach
- 75% of organisations do not carry cybersecurity insurance; if your application gets compromised and costs the company a lot of money, who will they fire?
Slide 7: Agenda (section divider; same list as slide 3)

Slide 8: Adversarial Perspective
- The current state of application security is mostly about an adversarial perspective:
  - Penetration Testing
  - Security Code Review
  - Security Design Review
- Looking for vulnerabilities that can be used to carry out an attack
- Vulnerabilities and attacks are simply a means to an end

Slide 9: Software Application Security
- Penetration Testing: attempt to impersonate the adversary and "break in"
- Security Code Reviews: detect security flaws in the code base
- Security Design Reviews: detect security flaws in the software architecture
- What are we looking for? We are bug hunting!
Slide 10: Agenda (section divider; same list as slide 3)

Slide 11: Defender's Perspective
- Threats cannot be understood from an adversarial perspective
- Before we begin engineering, we need to understand how these threats could happen
- Build a security strategy
- Implement and test it during the SDLC

Slide 12: Definitions: Threat, Attack, Vulnerability and Countermeasure
- Threat: the possibility of something bad happening
- ...realised through Attacks: how it happens (the exploit)
- ...which materialise through Vulnerabilities: why it happens (the cause)
- ...which are mitigated with Countermeasures: how to prevent it (the fix)
Slide 13: Security Theatre vs. Good Security
- Always protect your inputs!
- But know what your inputs are!

Slide 14: If a negative business impact cannot be illustrated, it's not a threat!

Slide 15: Agenda (section divider; same list as slide 3)

Slide 16: Microsoft Application Threat Modeling (video)
Slide 17: ACE Threat Modeling
- Principle behind ACE threat modeling: one can't feasibly build a secure system until one understands the threats against it
- Why threat model? To identify threats and to create a security strategy
- ACE Threat Modeling provides application risk management throughout the SDLC and beyond!

Slide 18: What Is ACE Threat Modeling?
- A threat modeling methodology focused on typical enterprise IT (LOB) applications
- Objectives:
  - Provide a consistent methodology for objectively identifying and evaluating threats to applications
  - Translate technical risk to business impact
  - Empower the business to manage risk
  - Create awareness between teams of security dependencies and assumptions
  - All without requiring security subject matter expertise

Slide 19: ACE Threat Modeling Benefits
- Benefits for application teams:
  - Translates technical risk to business impact
  - Provides a security strategy
  - Prioritises security features
  - Shows the value of countermeasures
- Benefits for the security team:
  - More focused security assessments
  - Translates vulnerabilities to business impact
  - Improved "security awareness"
  - Bridges the gap between security teams and application teams
Slide 20: Responsibility Areas for Threats (diagram)
- Chain: Application Context -> Threats -> Attacks -> Vulnerabilities -> Countermeasures
- Application context and threats fall under application team expertise; attacks, vulnerabilities and countermeasures fall under security team expertise

Slide 21: Threat Modeling Process (diagram; each step is marked as either manual or generated)
- Define: Application Context, Use Cases, Data A.C.M. (data access control matrix)
- Model: Generate Threats, Identify Countermeasures
- Measure: Determine Impact/Probability of Risk, Determine Risk Response
- Validate: Validate / Optimize Threat Model

Slide 22: Decomposing the Application Context (Define step)
- Roles
- Components
- Data

Slide 23: Application Context Rules (Define step)
- Roles perform Actions on Components; Components perform Actions on Data
- Actions on data: Create, Read, Update, Delete
Slide 24: Agenda (section divider; same list as slide 3)

Slide 25: Defining Application Context (demo; Define step)

Slide 26: Defining Use Cases (Define step)
- A use case is an ordered sequence of actions (calls), based on the data access control matrix, that results in the net data effect of the use case
- A call is a coupling of a consumer with a provider for a specific action, including the data transferred

Slide 27: Defining Use Cases (demo; Define step)

Slide 28: Generating Threats (Model step)
- The application context defines the allowable actions, built by following our application context rules
- Systematic corruption of these actions yields the threats
- Threats are therefore generated automatically

Slide 29: Generating Threats (demo; Model step)
Slide 30: Agenda (section divider; same list as slide 3)

Slide 31: Attacks
- Password Brute Force
- Buffer Overflow
- Canonicalization
- Cross-Site Scripting
- Cryptanalysis Attack
- Denial of Service
- Forceful Browsing
- Format-String Attacks
- HTTP Replay Attacks
- Integer Overflows
- LDAP Injection
- Man-in-the-Middle
- Network Eavesdropping
- One-Click / Session Riding / CSRF
- Repudiation Attack
- Response Splitting
- Server-Side Code Injection
- Session Hijacking
- SQL Injection
- XML Injection

Slide 32: Attack Library
- A collection of known attacks
- Defines, with absolutely minimal information, the relationship between the exploit, the cause and the fix
- Example entry: SQL Injection
  - Vulnerabilities (the cause): use of dynamic SQL; ineffective or lacking input validation
  - Countermeasures (the fix): perform white-list input validation; use stored procedures with no dynamic SQL; use parameterized SQL statements
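As an added example (not from the presentation or from the ACE tool) of the three parts of the SQL Injection library entry above, here is the cause (dynamic SQL with no input validation) next to the fix (white-list validation plus a parameterized statement), run against a constructed in-memory SQLite table. The table, its rows, the `owner` white-list pattern and the function names are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample data for the example: three card records. The
# numbers are placeholders, not real card data.
SAMPLE_ROWS = [
    ("alice", "CARD-0001-PLACEHOLDER"),
    ("bob", "CARD-0002-PLACEHOLDER"),
    ("carol", "CARD-0003-PLACEHOLDER"),
]


def open_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (owner TEXT, number TEXT)")
    conn.executemany("INSERT INTO cards VALUES (?, ?)", SAMPLE_ROWS)
    return conn


CONN = open_db()


def lookup_dynamic(owner):
    """The cause: dynamic SQL. The caller's string becomes part of the
    query text, so quote characters in the input change the query's
    structure instead of being treated as data."""
    query = f"SELECT owner, number FROM cards WHERE owner = '{owner}'"
    return CONN.execute(query).fetchall()


def lookup_parameterized(owner):
    """Fix 1: a parameterized statement. The driver binds the value
    separately from the query text, so the input can only ever be
    compared as a literal owner name."""
    query = "SELECT owner, number FROM cards WHERE owner = ?"
    return CONN.execute(query, (owner,)).fetchall()


# Fix 2: white-list input validation. Owner names in this example are
# assumed to be 1-32 alphanumeric/underscore characters; anything else
# is rejected before it reaches the database layer.
OWNER_PATTERN = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_owner(owner):
    return OWNER_PATTERN.fullmatch(owner) is not None


def lookup_defended(owner):
    """Both countermeasures together: validate first, then bind."""
    if not is_valid_owner(owner):
        raise ValueError("owner rejected by white-list validation")
    return lookup_parameterized(owner)


# A constructed input containing a quote and an always-true clause, used
# only to show the difference between the two query styles.
CRAFTED_INPUT = "alice' OR '1'='1"

if __name__ == "__main__":
    print("dynamic:       ", len(lookup_dynamic(CRAFTED_INPUT)), "rows")
    print("parameterized: ", len(lookup_parameterized(CRAFTED_INPUT)), "rows")
    print("valid input?   ", is_valid_owner(CRAFTED_INPUT))
```

The dynamic query returns every row in the table for the crafted input because the input rewrote the WHERE clause, while the parameterized query returns nothing because no owner is literally named that string; the white-list check rejects the input before either query runs. The library entry lists the validation and the parameterization as separate countermeasures, and the `lookup_defended` function shows why an application would apply both: validation limits what reaches the data layer, and parameterization removes the dynamic SQL that is the root cause.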
Slide 33: Threat-Attack Loose Coupling
- Threat (application team expertise): compromised integrity of credit card numbers
- Attack (security team expertise): SQL Injection, with its vulnerabilities (use of dynamic SQL; ineffective or lacking input validation) and countermeasures (perform white-list input validation; use stored procedures with no dynamic SQL; use parameterized SQL statements)
- The business-level threat is coupled loosely to the attack library entry, so the application team names the threat and the security team's library supplies the exploit, cause and fix
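The following is an added example, not code from the presentation or from the Threat Analysis & Modeling Tool, that walks the Define and Model steps of slides 26 and 28 through the attack coupling of slides 32 and 33: a use case as an ordered sequence of calls, threats generated by systematically corrupting each allowed action, and each threat loosely coupled to attack library entries by threat category and component kind, then scored so the application team can see business impact. The application context, the impact and likelihood scores, and the two library entries other than SQL Injection are constructed assumptions; the SQL Injection entry carries the vulnerabilities and countermeasures from the slide.

```python
# Constructed application context (assumed, not from the presentation).
# Component kind drives which attack library entries can apply.
COMPONENT_KIND = {"WebApp": "web", "CardDB": "database"}

# A use case is an ordered sequence of calls: (consumer, provider, action, data).
USE_CASES = {
    "Checkout": [
        ("Customer", "WebApp", "Create", "CreditCardNumber"),
        ("WebApp", "CardDB", "Create", "CreditCardNumber"),
    ],
}

# Business impact of each data element on a 1-3 scale, owned by the
# application team (assumed value for the example).
DATA_IMPACT = {"CreditCardNumber": 3}

# Attack library: each entry ties the exploit to its causes and fixes and
# says which threat categories and component kinds it applies to. The
# SQL Injection entry is the one on the slide; the other two entries and
# all likelihood scores are constructed for the example.
ATTACK_LIBRARY = [
    {
        "attack": "SQL Injection",
        "vulnerabilities": ["Use of dynamic SQL",
                            "Ineffective or lacking input validation"],
        "countermeasures": ["Perform white-list input validation",
                            "Use stored procedure with no dynamic SQL",
                            "Use parameterized SQL statement"],
        "categories": {"Confidentiality", "Integrity"},
        "kinds": {"database"},
        "likelihood": 3,
    },
    {
        "attack": "Denial of Service",
        "vulnerabilities": ["Unbounded resource consumption per request"],
        "countermeasures": ["Rate limiting and resource quotas"],
        "categories": {"Availability"},
        "kinds": {"web", "database"},
        "likelihood": 2,
    },
    {
        "attack": "Repudiation Attack",
        "vulnerabilities": ["Missing or unprotected audit trail"],
        "countermeasures": ["Tamper-evident audit logging of each call"],
        "categories": {"Repudiation"},
        "kinds": {"web", "database"},
        "likelihood": 1,
    },
]


def generate_threats(use_case):
    """Model step: each allowed call is corrupted three ways. Read actions
    corrupted by an unauthorised actor are confidentiality threats; other
    actions are integrity threats; the call being blocked is an
    availability threat; the consumer disowning it is a repudiation threat."""
    threats = []
    for consumer, provider, action, data in USE_CASES[use_case]:
        category = "Confidentiality" if action == "Read" else "Integrity"
        corruptions = [
            (f"Unauthorized {action} of {data} at {provider}", category),
            (f"{consumer} cannot {action} {data} via {provider}", "Availability"),
            (f"{consumer} denies performing {action} on {data} via {provider}",
             "Repudiation"),
        ]
        for description, cat in corruptions:
            threats.append({"threat": description, "category": cat,
                            "provider": provider, "data": data})
    return threats


def couple_attacks(threat):
    """Loose coupling: a library entry attaches to a threat when it covers
    the threat's category and the provider component's kind."""
    kind = COMPONENT_KIND[threat["provider"]]
    return [e for e in ATTACK_LIBRARY
            if threat["category"] in e["categories"] and kind in e["kinds"]]


def build_strategy(use_case):
    """Measure step: risk = business impact of the data x likelihood of the
    most likely coupled attack. Threats with no coupled attack are flagged
    for security SME review, the knowledge gap slide 35 describes."""
    rows = []
    for threat in generate_threats(use_case):
        attacks = couple_attacks(threat)
        likelihood = max((a["likelihood"] for a in attacks), default=0)
        rows.append({
            "threat": threat["threat"],
            "risk": DATA_IMPACT[threat["data"]] * likelihood,
            "attacks": [a["attack"] for a in attacks],
            "countermeasures": sorted({c for a in attacks
                                       for c in a["countermeasures"]}),
            "needs_sme_review": not attacks,
        })
    rows.sort(key=lambda r: r["risk"], reverse=True)
    return rows


if __name__ == "__main__":
    for row in build_strategy("Checkout"):
        print(row["risk"], row["threat"], row["attacks"],
              "(SME review)" if row["needs_sme_review"] else "")
```

Two calls and three corruptions give six threats. The unauthorised Create against CardDB couples to SQL Injection and inherits its countermeasures with the highest risk score, while the same corruption against WebApp couples to nothing in this small library and is flagged for SME review rather than silently scored as zero risk.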
Slide 34: Transparency With the Attack Library (diagram)
- Application Context -> Threats -> Attacks -> Vulnerabilities -> Countermeasures

Slide 35: Threat Modeling and Security SMEs (Validate step)
- The attack library is created by security SMEs: verifiable and repeatable
- The security SME provides threat model completeness:
  - Verifies that the threat model meets the application specifications
  - Plugs knowledge gaps in the threat model (for example, a new 0-day attack not yet part of the attack library)
  - Performs potential optimization

Slide 36: Attack Library Usage (demo; Identify Countermeasures, Model step)

Slide 37: ACE Threat Modeling during the SDLC (diagram)
- SDLC phases: Envision, Design, Develop / Purchase, Test, Release / Sustainment
- SDL activities: Application Entry / Risk Assessment, Threat Model / Design Review, Internal Review, Pre-Production Assessment, Post-Production Assessment
- Threat model lifecycle: Creation, Assimilation, Signoff; an evolutionary process through Define, Model, Measure, Validate and Optimize
- The threat model serves as a reference for reviewers, for testers and BAs, and for patching and other projects
Slide 38: Threat Analysis & Modeling Tool
- A tool created to aid the process of creating and assimilating threat models
- Automatic threat generation
- Automatic attack coupling
- Provides a security strategy
- Maintains a repository of threat models for analysis*
- * The security landscape is evolving (new attacks, vulnerabilities and mitigations are being introduced)

Slide 39: Threat Analysis & Modeling Tool
- Analytics: Data Access Control Matrix, Component Access Control Matrix, Subject-Object Matrix, Component Profile
- Visualizations: Call/Data/Trust Flow, Attack Surface, Threat Tree
- Reports: Risk Owners Report, Design/Development/Test/Operations Team Report, Comprehensive Report

Slide 40: Analytics and Reports (demo; Identify Countermeasures, Model step)
Slide 41: Summary
- Methodology evolved from years of experience
- Methodology streamlined to minimise the impact on the existing development process
- Does not require security subject matter expertise: it collects already-known data points
- Methodology optimised for SDL-IT integration
- Threat Analysis & Modeling tool: http://msdn.microsoft.com/security/acetm (final release in April 2006)
- Threat modeling blog: http://blogs.msdn.com/threatmodeling/
- My blog: http://www.rockyh.net
- Aussie blog: http://www.techtalkblogs.com

Slide 42: Security e-forum site: www.microsoft.com.au/eforum
- View on-demand webcasts of all presentations from this event (tell your work colleagues!)
- Online live chats: have a live chat with Microsoft's leading security experts; check the e-forum site for the live chat schedule
- Evaluation forms: we value your feedback!
- Need help with your business' security? Q7: register your interest on the eval form if you want to meet with Microsoft or a MS Security Solutions Partner to discuss solutions to address your security challenges
- Fill in your form to go into the draw to win a HP Media Centre PC or Xbox 360
- Code Camp Oz (http://www.codecampoz.com): security seminar follow-up
Slide 43: (closing slide)

Slide 44: © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.