IIS Webserver (Presentation Layer), Threat Modelling for New Service, Web…
IIS Webserver (Presentation Layer)
Middleware Server (Business Logic)
Oracle Database (Storage Layer)
Logging SIEM (Data Store)
Threat Modelling for New Service
(1) What are we building?
Brainstorming
Whiteboard session
Data Flow Diagram
External Factors
web browser
Mobile applications
Processes
webserver
app server
database server
Data Flow
Data Stores
database storage
SIEM Logging
Trust Boundaries
Literature review
(2) What can go wrong?
STRIDE
S
Spoof a process
Spoof a file
Spoof a machine
Spoof a person / role
T
Tamper with file
Tamper with memory
Tamper with network
R
Repudiating an action
Attacking the logs
I
Against a process
Against a data store
Against a data flow
D
Against a process
Against a data flow
Against a data store
E
Corrupting the process
Buggy authorization checks
Missed authorization checks
Through data tampering
Attack Trees
(3) How can we mitigate those threats?
Spoofing
MFA
IPSec
Kerberos
Tampering
Hashes
Digital Signatures
ACLs
Repudiation
Information Disclosure
Denial of Service
Escalation of Privilege
(4) How can we detect those threats?
Initial Access
Exploit Public Facing Application
External Remote Services
Execution
PowerShell
Windows Command Shell
WMI
Scheduled Task
Persistence
Create Account
Registry Run Keys
Logon Scripts
Webshell
Privilege Escalation
Process Injection
Bypass UAC
Setuid / Setgid
Sudo / Sudo Caching
Defense Evasion
Indicator Removal on Host
Masquerading
Web browser
Mobile Device (phones, tablets, iPad, etc.)
TV