Application Threat Modeling : Types Of Threats

Here's a small classification of Types Of Threats In Application Threat Modeling. This was earlier presented in SACON (International Security Architecture Conference) by Nilanjan De [Multiple patents, Zero Day Discovery, Co-Founder at FireCompass]

8669808085?profile=original

Types Of Threats :

  • Network
  • Host
  • Application

Threat Against The Network

  • Information Gathering

    • Port Scanning
    • Using trace routing to detect network topologies
    • Using broadcast requests to enumerate subnet hosts
  • Eavesdropping

    • Using packet sniffers to steal passwords
  • Denial Of Service (DoS)

    • SYN floods
    • ICMP echo request floods
    • Malformed packets
  • Spoofing

    • Packets with spoofed source addresses

8669819653?profile=original


Threats Against The Host

  • Arbitrary Code Execution

    • Buffer Overflows In ISAP DLLs (eg. MS01-033)
    • Directory Traversal Attacks (MS00-078)

  • File Disclosure

    • Malformed HTR requests (MS01-031)
    • Virtualized UNC share vulnerability (MS00-019)

  • Denial Of Service (DoS)

    • Malformed SMTP requests (MS02-012)
    • Malformed WebDAV requests (MS01-016)
    • Malformed URLs (MS01-012)
    • Brute-force file uploads

  • Unauthorized access

    • Resources with insufficiently restrictive ACLs
    • Spoofing with stolen login credentials

  • Exploitation of open ports & protocols

    • Use NetBIOS and SMB to enumerate hosts
    • Connecting remotely to SQL Server

8669819466?profile=original


Threats Against The Application

  • SQL Injection

    • Including a DROP TABLE command in text typed into an input field

  • Cross-site scripting

    • Using malicious client-side script to steal cookies

  • Hidden-field tampering

    • Maliciously changing the value of a hidden field

  • Eavesdropping

    • Using a packet sniffer to steal passwords and cookies from traffic on unencrypted connections

  • Session hijacking

    • Using a stolen session ID cookie to access someone else's session state

  • Identity Spoofing

    • Using a stolen forms authentication cookie to pose as another user

  • Information Disclosure

    • Allowing client to see a stack trace when an unhandled exception occurs

8669819871?profile=original


References:

You can view the full presentation here

SACON is the only International Conference On Security Architecture in the region. Who attends : CISO, CRO, CIO, Information Security Experts, IT Risk Professionals, Appsec professionals. Agenda includes SOC, Incident Response, Security Architecture Workshops, Cyber Range Drills, Threat Hunting, IoT Security, Forensics, AI & Machine Learning, Deception & much more. Click here to Pre-Register.

8669802070?profile=original

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform