Hackers of India

Rapid Threat Modeling

By Akshay Aggarwal on 28 Jul 2005 @ Blackhat


Abstract

One of the most important weapons in our arsenal for securing applications is threat modeling. Applications are becoming increasingly complex and new technologies are emerging constantly. In this scenario, building or attacking applications is challenging. Threat models can help attackers discover design vulnerabilities and mount complex attacks. These models give secure application developers a great amount of leverage to envision their design, implementation and soundness of their architectures. Being living documents, they also carry forward any knowledge gained from previous development life cycles and are invaluable in understanding the impact of any changes to the overall security posture of the applications. Understanding and constructing meaningful threat models is hard. Application teams and attackers need to be aware of what they want to model, how they want to model and when they want to model. Rapid Threat Modeling will help them develop models rapidly while reutilizing data they gathered either through reconnaissance or through the software development lifecycle. A practical hands-on demonstration of modeling threats for a complex managed application will allow for immediate use of any threat modeling knowledge gained.

AI Generated Summary (may contain errors)

The speaker discusses the threat modeling process, automation, and attack library generation. They acknowledge that in real-world scenarios, unambiguous requirements rarely exist, especially in large CRM implementations. To address this, they propose a methodology that involves writing business rules and extracting them from requirement documentation.

When asked about practical applications, the speaker explains that their approach is to isolate application layers and components, creating separate threat models for each. They utilize trust boundaries to fragment applications and reduce the complexity of threat modeling.

Regarding the subject-object matrix, the speaker clarifies that it’s not just about authorization, but rather identifying top-level threats. They emphasize that implementation details should be plugged into the attack library, rather than being included in the top-level threat model.

The conversation also touches on the challenges of creating a consistent threat model, especially when implementation details are involved. The speaker suggests standardizing on a particular approach to ensure consistency across different threat models.

Finally, they mention that most of their time is spent filtering out requirements into a format that can be used for threat modeling. They have developed automated tools to generate attack trees, which will be released soon. In terms of real-world examples, the speaker estimates that creating a comprehensive threat model for a medium-sized organization would take around 10 working days with manual effort involved.