"Examining a design or architecture from a high level to identify any security risks and plan suitable mitigations"

"All in the context of protecting something of value"

Not about making the system 100% secure.

Understanding your System

Security Personas

Use during threat assessment and when communicating risk. During testing + design.

• Motivation
  • Financial, Political, Personal, "Egotistical"
• Access
• Resources
  • Skills, Money, Time

Threat Model

STRIDE

• Spoofing (Impersonation)
  • Impersonate Interactors (external systems) or (Multi)Processors (internal systems)
• Tampering
  • On device, on wire, in a datastore, during processing
• Repudiation
  • Conduct actions and deny ownership of action
  • Countermeasure: logs
• Information Disclosure
  • The information our system or processes "disclose"
  • Logs & errors, Docs, Open source info, Decompiling, Metadata
• Denial of Service
  • Distributed and Cascading
  • Know your attack surface
  • Load testing
  • Chaos engineering - what would happen if a component disappeared?
• Escalation of Privilege
  • Users getting more permissions than they should have
  • Horizontal (access to other users' accounts)
  • Vertical (gaining authorization levels)
  • Lateral (privilege gained by traversing between applications)

Attack Tree

A method to group potential attacks against our system based on a specific motivation or target.