OO Threat Modelling (PPT 8.5) Flashcards
How should we approach security?
- Identify valuable assets
- Look at how it could be compromised
- Look at how to mitigate threats
What is threat modelling?
It is a structured approach to address the security of an application
Why do we do threat modelling?
- To prevent embarrassing and costly security features
- Raises the profile of security early on (communication, early and ongoing testing) and can expose problems early
- Deliver better (more secure) products
What are some common threats?
- Denial of service
- SQL injection
- Cross-site scripting (XSS)
- Buffer overflows / memory compromises
- Error-handling
- Spoofing
- Tampering
- Web server config issues
- Infrastructure issues
What is Denial of Service?
This is flooding a system with data or requests to slow it down. It can be used as a distraction but is often used for ransom.
How do we prevent a DoS attack?
- Front end hardware to filter and analyse traffic
- Resource limits/allocations to throttle requests
- Blocking source IP addresses
- SYN cookies (prevents users from leaving a connection half open)
What is a SQL Injection?
Injecting malicious code/scripts into a webpage
How do we prevent SQL injection attacks?
- Validation
- Don’t trust user input
- Validate, don’t sanitise
Validate = reject input
Sanitise = remove malicious characters
What is Cross Site Scripting?
Injecting malicious code, similar to SQL injection, but it is served up to a legitimate user and may direct them to malicious sites, etc.
What is a buffer overflow?
Force memory overflows in a running application to crash or compromise it
What is poor error handling?
Hackers may force errors on your website; this may cause sensitive information to be displayed which shouldn’t be viewed.
What are web server config issues?
- Out of date software
- Configuration files storing plain text passwords
- Guest accounts not disabled
- File system not restricted
What is spoofing?
When something is pretending to be something else, e.g. a fake website. Could be:
- user
- website
- files
How do we prevent spoofing?
Users
- Authentication and validation and strong password policies
- Careful management of session IDs and cookies
URL
- Check security certificates
Files
- Check file signatures and timestamps
- Check privileges
What is Information Disclosure?
Sensitive data passing over a network in plain text, stored in plain text, or error messages revealing data.