1. Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation OWASP http://www.owasp.org Threat Modeling By Dharmesh M Mehta June, 2006 dharmeshmm@mastek.com http://smartsecurity.blogspot.com

2. OWASP 2 Agenda  What is Threat Modeling  Threat Modeling Process  Threat Models and Analysis

3. OWASP 3 What is Threat Modeling?  Threat Modeling is a structured method that is used to understand and mitigate threats against your system.  Helps the development team:  Identify where the application is most vulnerable  Determine which threats require mitigation and how to address those threats  Genuinely useful and does not have to be difficult. It is a hot new buzzword!

4. OWASP 4 Essential Terminology  Threat – An action or event that might prejudice security. A threat is a potential violation of security.  Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.  Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security.

5. OWASP 5 Threat Modeling Process  Define Application Requirements  Decompose your application  Define Application Architecture  Include External Components  Application Use Cases  Model  Find Threats against CIA  Measure

6. OWASP 6 Defining Application Requirements Courtesy: Microsoft Threat Analysis and Modeling

7. OWASP 7 Defining Application Architecture Courtesy: Microsoft Threat Analysis and Modeling

8. OWASP 8 Model Courtesy: Microsoft Threat Analysis and Modeling

9. OWASP 9 Threat Tree Threat #1 (I) Compromise password 1.1 Access “in-use” password 1.1.1 Sniff network 1.1.2 Phishing attack 1.2 Guess password 1.2.1 Password is weak 1.2.2 Brute force attack 1.3 Access Password in DB 1.3.1 Password is in cleartext 1.3.2 Compromise database 1.3.2.1 SQL injection attack 1.3.2.2 Access database directly 1.3.2.2.1 Port open 1.3.2.2.2 Weak db account password(s)

10. OWASP 10 Threat Models  You cannot build secure applications unless you understand threats  Find different bugs than code review and testing  Threat modeling yields both threats and vulnerabilities and provides ways to perform security testing in order to prioritize the security fixes needed.

11. OWASP 11 Threat Analysis  Secure software starts with understanding the threats  Threats are not vulnerabilities  Threats live forever  How will attackers attempt to compromise the system?

12. OWASP 12 That’s it…  Presentation will be online: http://www.owasp.org/index.php/Mumbai Thank you!