Revision as of 03:56, 12 April 2016

Last revision (mm/dd/yy): 04/12/2016

1 DRAFT CHEAT SHEET - WORK IN PROGRESS
2 Introduction
3 Define The Target Of Evaluation
4 Define The Attackers
- 4.1 Identify Possible Attackers that could exist within the Target Of Evaluation
- 4.2 Select the most dangerous Attacker in your Target Of Evaluation
5 Conduct the Threat Model
6 Remediation/Countermeasures

DRAFT CHEAT SHEET - WORK IN PROGRESS

Introduction

The objective of this cheat sheet is to provide guidance to developers, reviewers, designers and architects on conducting successful threat modeling. The main goal of threat modeling is to understand the controls needed for a software system. This is a complex endeavor that will involve investigations into:

The trust boundaries to and within the solution that we build
The actors that interact within and outside of the trust boundaries
Information flows within and to and from the trust boundaries
Information persistence within and out of trust boundaries
Vulnerabilities at trust boundaries
Threat agents that can exploit the vulnerabilities
Impact of exploitation of vulnerability by a threat agents
Controls and process needed to treat specific risks

Define The Target Of Evaluation

Create a logical map of the Target of Evaluation

Create a physical map of the Target of Evaluation

Identify the Assets within the physical and logical Targets of Evaluation

Define The Attackers

Identify Possible Attackers that could exist within the Target Of Evaluation

Use Means, Motive, and Opportunity to understand Threats posed by Attackers
Rank Attackers from least dangerous to most dangerous based on Means, Motive & Opportunity

Select the most dangerous Attacker in your Target Of Evaluation

Conduct the Threat Model

Assume the attacker has a zero day, because he does. In this methodology we assume compromise; because a zero day will exist or already does exist (even if we don't know about it). This is about what can be done by skilled attackers, with much more time, money, motive and opportunity than we have.

Enumerate Threats posed by most dangerous Attacker in Target of Evaluation

Enumerate Threats posed by most dangerous attacker in designated areas of the physical & logical Maps of the Target of Evaluation

For logical map example: External firewall boundary, Internal firewall boundary, application server, and internal network.
For physical map example: External to company (wifi attacks from parking lots for example), inside company branch (consultant on local network), in data centre (oops!).

Enumerate Attacks posed by most dangerous attacker in designated areas of the logical and physical maps of the target of evaluation

Not used in this methodology (compromise is assumed and not demonstrated - just because we can't get in doesn't make it risk free...)

 - Application Decomposition
 - Attack Tree
 - Vulnerability/Exploit Mapping
 - Application Testing

create risks in risk log for every identified threat or attack to any assets

rank risks using risk matrix from most severe to least severe

Identify risk owners

Remediation/Countermeasures

Agree on risk mitigation with risk owners and stakeholders

tolerate, transfer, treat, terminate

Treat risks accordingly

Test risk treatment to verify remediation

Reduce risk in risk log for verified treated risk

Periodically retest risk

Authors and Primary Editors

TODO

Other Cheatsheets

V - T - E Cheat Sheets
Developer / Builder	3rd Party Javascript Management Access Control AJAX Security Cheat Sheet Authentication (ES) Bean Validation Cheat Sheet Choosing and Using Security Questions Clickjacking Defense Credential Stuffing Prevention Cheat Sheet Cross-Site Request Forgery (CSRF) Prevention Cryptographic Storage C-Based Toolchain Hardening CSS Security Deserialization DOM based XSS Prevention Forgot Password HTML5 Security HTTP Strict Transport Security Injection Prevention Cheat Sheet Injection Prevention Cheat Sheet in Java JSON Web Token (JWT) Cheat Sheet for Java Input Validation Insecure Direct Object Reference Prevention JAAS Key Management LDAP Injection Prevention Logging Mass Assignment Cheat Sheet .NET Security OS Command Injection Defense Cheat Sheet OWASP Top Ten Password Storage Pinning Query Parameterization REST Security Ruby on Rails Session Management SAML Security SQL Injection Prevention Transaction Authorization Transport Layer Protection TLS Cipher String Configuration Unvalidated Redirects and Forwards User Privacy Protection Web Service Security XSS (Cross Site Scripting) Prevention XML External Entity (XXE) Prevention Cheat Sheet
Assessment / Breaker	Attack Surface Analysis REST Assessment Web Application Security Testing XML Security Cheat Sheet XSS Filter Evasion
Mobile	Android Testing IOS Developer Mobile Jailbreaking
OpSec / Defender	Virtual Patching Vulnerability Disclosure
Draft and Beta	Application Security Architecture Business Logic Security Content Security Policy Denial of Service Cheat Sheet Grails Secure Code Review IOS Application Security Testing PHP Security Regular Expression Security Cheatsheet Secure Coding Secure SDLC Threat Modeling
All Pages In This Category

@@ Line 19: / Line 19: @@
 # Impact of exploitation of vulnerability by a threat agents
 # Controls  and process needed to treat specific risks
-'''Application Security Threat Modeling'''
 = Define The Target Of Evaluation =

Difference between revisions of "Threat Modeling Cheat Sheet"