05 Attack Libraries Flashcards
Why use attack libraries instead of STRIDE?
Some practitioners suggested that STRIDE is too high level and that they need a more detailed list of what can go wrong.
What’s the purpose of Attack Libraries?
A library of tools can be a useful tool for finding threats against the system you’re building.
What aspects would you consider for constructing attack libraries?
OR
What are the properties of attack libraries?
- Audience
- Detail versus abstraction
- Scope
How are checklists useful tools, and what are the drawbacks?
Checklists are tremendously useful tools for preventing certain classes of problems. If a short list of problems is routinely missed for some reason, then a checklist can help you ensure they don’t recur.
A checklist helps people avoid common problems, but the modeling of threats has already been done when the checklist is created.
A checklist can avoid recurring problems, but it is unlikely to help you think about security. A checklist won’t help you find any threats not on the list.
Where do STRIDE, OWASP Top 10, CAPEC, and checklists stand on the spectrum from abstract to detailed?
STRIDE - Abstraction
OWASP Top 10
CAPEC
Checklist - Detail
What is a literature review?
A literature review is roughly consulting the library to learn what has happened in the past.
What is CAPEC?
CAPEC is MITRE’s Common Attack Pattern Enumeration and Classification.
CAPEC is a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
https://capec.mitre.org/