Reporte de Threat Modeling Proyecto

Threat Model Summary:
Not Started 42
Not Applicable 0
Needs investigation 0
Mitigation Implemented 0
Total 42
Total Migrated 0
Diagram 1 Diagram Summary:
Not Started 42
Not Applicable 0
Needs investigation 0
Mitigation Implemented 0
Total 42
Total Migrated 0
1. Spoofing of Destination Data Store File System [State: Not Started]
[Priority: High]
Category: Spoofing
Description: File System may be spoofed by an attacker and this may lead
to data being written to the attacker's target instead of File
System. Consider using a standard authentication
mechanism to identify the destination data store.
Justification: <no mitigation provided>
Short
Description:
2. Potential Excessive Resource Consumption for Web Server APP1 or File

System [State: Not Started] [Priority: High]
Category: Denial Of Service
Description: Does Web Server APP1 or File System take explicit steps to
control resource consumption? Resource consumption
attacks can be hard to deal with, and there are times that it
makes sense to let the OS do the job. Be careful that your
resource requests don't deadlock, and that they do timeout.
Short
Description:
3. Spoofing the Web Server APP1 Process [State: Not Started] [Priority:
High]
Category: Spoofing
Description: Web Server APP1 may be spoofed by an attacker and this
may lead to unauthorized access to File System. Consider
using a standard authentication mechanism to identify the
source process.
Short
Description:
4. The File System Data Store Could Be Corrupted [State: Not Started]
[Priority: High]
Category: Tampering
Description: Data flowing across Data Flow may be tampered with by an

attacker. This may lead to corruption of File System. Ensure
the integrity of the data flow to the data store.
Short Tampering is the act of altering the bits. Tampering with a

Description: process involves changing bits in the running process.
Similarly, Tampering with a data flow involves changing bits
on the wire or between two running processes.
5. Data Store Denies File System Potentially Writing Data [State: Not
Started] [Priority: High]
Category: Repudiation
Description: File System claims that it did not write data received from an
entity on the other side of the trust boundary. Consider
using logging or auditing to record the source, time, and
summary of the received data.
Short Repudiation threats involve an adversary denying that

Description: something happened.
6. Data Flow Sniffing [State: Not Started] [Priority: High]

Category: Information Disclosure
Description: Data flowing across Data Flow may be sniffed by an attacker.

Depending on what type of data an attacker can read, it may
be used to attack other parts of the system or simply be a
disclosure of information leading to compliance violations.
Consider encrypting the data flow.
Short Information disclosure happens when the information can be

Description: read by an unauthorized party.
7. Data Flow Data Flow Is Potentially Interrupted [State: Not Started]
[Priority: High]
Description: An external agent interrupts data flowing across a trust

boundary in either direction.
Short Denial of Service happens when the process or a datastore

Description: is not able to service incoming requests or perform up to
spec.
8. Data Store Inaccessible [State: Not Started] [Priority: High]

Description: An external agent prevents access to a data store on the

other side of the trust boundary.

spec.
9. Spoofing the Browser External Entity [State: Not Started] [Priority:
High]
Category: Spoofing
Description: Browser may be spoofed by an attacker and this may lead to

unauthorized access to Web Server APP1. Consider using a
standard authentication mechanism to identify the external
entity.
Short Spoofing is when a process or entity is something other than

Description: its claimed identity. Examples include substituting a process,
a file, website or a network address.
10. Cross Site Scripting [State: Not Started] [Priority: High]

Category: Tampering
Description: The web server 'Web Server APP1' could be a subject to a

cross-site scripting attack because it does not sanitize
untrusted input.

11. Elevation Using Impersonation [State: Not Started] [Priority: High]

Category: Elevation Of Privilege
Description: Web Server APP1 may be able to impersonate the context

of Browser in order to gain additional privilege.
Short A user subject gains increased capability or privilege by

Description: taking advantage of an implementation bug.
12. Elevation by Changing the Execution Flow in Web Server APP1 [State:
Not Started] [Priority: High]
Description: An attacker may pass data into Web Server APP1 in order to
change the flow of program execution within Web Server
APP1 to the attacker's choosing.

13. Web Server APP1 May be Subject to Elevation of Privilege Using
Remote Code Execution [State: Not Started] [Priority: High]
Description: Browser may be able to remotely execute code for Web

Server APP1.

14. Data Flow HTTP Is Potentially Interrupted [State: Not Started] [Priority:
High]


spec.
15. Potential Process Crash or Stop for Web Server APP1 [State: Not
Description: Web Server APP1 crashes, halts, stops or runs slowly; in all
cases violating an availability metric.

spec.
Description: Data flowing across HTTP may be sniffed by an attacker.

Depending on what type of data an attacker can read, it may
be used to attack other parts of the system or simply be a
disclosure of information leading to compliance violations.
Consider encrypting the data flow.
Short Information disclosure happens when the information can be

Description: read by an unauthorized party.
17. Potential Data Repudiation by Web Server APP1 [State: Not Started]
[Priority: High]
Description: Web Server APP1 claims that it did not receive data from a
source outside the trust boundary. Consider using logging or
auditing to record the source, time, and summary of the
received data.

Description: something happened
18. Potential Lack of Input Validation for Web Server APP1 [State: Not
Category: Tampering
Description: Data flowing across HTTP may be tampered with by an

attacker. This may lead to a denial of service attack against
Web Server APP1 or an elevation of privilege attack against
Web Server APP1 or an information disclosure by Web
Server APP1. Failure to verify that input is as expected is a
root cause of a very large number of exploitable issues.
Consider all paths and the way they handle data. Verify that
all input is verified for correctness using an approved list
input validation approach.

19. Spoofing the Web Server APP1 Process [State: Not Started] [Priority:
High]
Category: Spoofing
Description: Web Server APP1 may be spoofed by an attacker and this

may lead to information disclosure by Browser. Consider
using a standard authentication mechanism to identify the
destination process.

20. Data Flow HTTP Is Potentially Interrupted [State: Not Started] [Priority:
High]


spec.
21. External Entity Browser Potentially Denies Receiving Data [State: Not
Description: Browser claims that it did not receive data from a process on
the other side of the trust boundary. Consider using logging
or auditing to record the source, time, and summary of the
received data.

Description: something happened.
22. Spoofing of the Browser External Destination Entity [State: Not

Category: Spoofing
Description: Browser may be spoofed by an attacker and this may lead to

data being sent to the attacker's target instead of Browser.
Consider using a standard authentication mechanism to
identify the external entity.

23. Spoofing of Destination Data Store SQL Database DB1 [State: Not Started] [Priority:
High]
Category: Spoofing
Description: SQL Database DB1 may be spoofed by an attacker and this may lead to data
being written to the attacker's target instead of SQL Database DB1. Consider
using a standard authentication mechanism to identify the destination data
store.
Short Spoofing is when a process or entity is something other than its claimed
Description: identity. Examples include substituting a process, a file, website or a network
address.
24. Potential SQL Injection Vulnerability for SQL Database DB1 [State: Not Started]
[Priority: High]
Category: Tampering
Description: SQL injection is an attack in which malicious code is inserted into strings that
are later passed to an instance of SQL Server for parsing and execution. Any
procedure that constructs SQL statements should be reviewed for injection
vulnerabilities because SQL Server will execute all syntactically valid queries
that it receives. Even parameterized data can be manipulated by a skilled and
determined attacker.
Short Tampering is the act of altering the bits. Tampering with a process involves
Description: changing bits in the running process. Similarly, Tampering with a data flow
involves changing bits on the wire or between two running processes.
25. Potential Excessive Resource Consumption for Web Server APP1 or SQL Database DB1
[State: Not Started] [Priority: High]
Description: Does Web Server APP1 or SQL Database DB1 take explicit steps to control
resource consumption? Resource consumption attacks can be hard to deal
with, and there are times that it makes sense to let the OS do the job. Be
careful that your resource requests don't deadlock, and that they do timeout.
Short Denial of Service happens when the process or a datastore is not able to service
Description: incoming requests or perform up to spec.
26. Spoofing the Web Server APP1 Process [State: Not Started] [Priority: High]
Category: Spoofing
Description: Web Server APP1 may be spoofed by an attacker and this may lead to
unauthorized access to SQL Database DB1. Consider using a standard
authentication mechanism to identify the source process.
address.
27. The SQL Database DB1 Data Store Could Be Corrupted [State: Not Started] [Priority:
High]
Category: Tampering
Description: Data flowing across TCP Flow may be tampered with by an attacker. This may
lead to corruption of SQL Database DB1. Ensure the integrity of the data flow
to the data store.
28. Data Store Denies SQL Database DB1 Potentially Writing Data [State: Not Started]
[Priority: High]
Description: SQL Database DB1 claims that it did not write data received from an entity on
the other side of the trust boundary. Consider using logging or auditing to
record the source, time, and summary of the received data.
Short Repudiation threats involve an adversary denying that something happened.

Description:

Description: Data flowing across TCP Flow may be sniffed by an attacker. Depending on
what type of data an attacker can read, it may be used to attack other parts of
the system or simply be a disclosure of information leading to compliance
violations. Consider encrypting the data flow.
Short Information disclosure happens when the information can be read by an

Description: unauthorized party.
30. Data Flow TCP Flow Is Potentially Interrupted [State: Not Started] [Priority: High]
Description: An external agent interrupts data flowing across a trust boundary in either
direction.
Short Denial of Service happens when the process or a datastore is not able to
Description: service incoming requests or perform up to spec.

Description: An external agent prevents access to a data store on the other side of the
trust boundary.
32. Spoofing of Source Data Store SQL Database DB1 [State: Not Started] [Priority: High]
Category: Spoofing
Description: SQL Database DB1 may be spoofed by an attacker and this may lead to
incorrect data delivered to Web Server APP1. Consider using a standard
authentication mechanism to identify the source data store.
address.
33. Cross Site Scripting [State: Not Started] [Priority: High]

Category: Tampering
Description: The web server 'Web Server APP1' could be a subject to a cross-site scripting
attack because it does not sanitize untrusted input.
34. Persistent Cross Site Scripting [State: Not Started] [Priority: High]
Category: Tampering
Description: The web server 'Web Server APP1' could be a subject to a persistent cross-site
scripting attack because it does not sanitize data store 'SQL Database DB1'
inputs and output.
35. Weak Access Control for a Resource [State: Not Started] [Priority: High]
Description: Improper data protection of SQL Database DB1 can allow an attacker to read
information not intended for disclosure. Review authorization settings.
Short Information disclosure happens when the information can be read by an

Description: unauthorized party.
36. Spoofing the Web Server APP1 Process [State: Not Started] [Priority: High]
Category: Spoofing
Description: Web Server APP1 may be spoofed by an attacker and this may lead to
information disclosure by SQL Database DB1. Consider using a standard
authentication mechanism to identify the destination process.
address.
37. Potential Data Repudiation by Web Server APP1 [State: Not Started] [Priority: High]
Description: Web Server APP1 claims that it did not receive data from a source outside the
trust boundary. Consider using logging or auditing to record the source, time,
and summary of the received data.
Short Repudiation threats involve an adversary denying that something happened.

Description:
38. Potential Process Crash or Stop for Web Server APP1 [State: Not Started] [Priority:
High]
Description: Web Server APP1 crashes, halts, stops or runs slowly; in all cases violating an
availability metric.
39. Data Flow TCP Flow Is Potentially Interrupted [State: Not Started] [Priority: High]
Description: An external agent interrupts data flowing across a trust boundary in either
direction.

Description: An external agent prevents access to a data store on the other side of the
trust boundary.
41. Web Server APP1 May be Subject to Elevation of Privilege Using Remote Code
Execution [State: Not Started] [Priority: High]
Description: SQL Database DB1 may be able to remotely execute code for Web Server
APP1.
Short A user subject gains increased capability or privilege by taking advantage of

Description: an implementation bug.
42. Elevation by Changing the Execution Flow in Web Server APP1 [State: Not Started]
[Priority: High]
Description: An attacker may pass data into Web Server APP1 in order to change the flow
of program execution within Web Server APP1 to the attacker's choosing.
Short A user subject gains increased capability or privilege by taking advantage of an

Description: implementation bug.

Reporte de Threat Modeling Proyecto

Uploaded by

Copyright:

Available Formats

Reporte de Threat Modeling Proyecto

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Reporte de Threat Modeling Proyecto

Uploaded by

Copyright:

Available Formats

Threat Model Summary:

Diagram 1 Diagram Summary:

Justification: <no mitigation provided>

2. Potential Excessive Resource Consumption for Web Server APP1 or File

Justification: <no mitigation provided>

Justification: <no mitigation provided>

Description: Data flowing across Data Flow may be tampered with by an

Justification: <no mitigation provided>

Short Tampering is the act of altering the bits. Tampering with a

Justification: <no mitigation provided>

Short Repudiation threats involve an adversary denying that

6. Data Flow Sniffing [State: Not Started] [Priority: High]

Description: Data flowing across Data Flow may be sniffed by an attacker.

Justification: <no mitigation provided>

Short Information disclosure happens when the information can be

Description: An external agent interrupts data flowing across a trust

Justification: <no mitigation provided>

Short Denial of Service happens when the process or a datastore

8. Data Store Inaccessible [State: Not Started] [Priority: High]

Description: An external agent prevents access to a data store on the

Justification: <no mitigation provided>

Short Denial of Service happens when the process or a datastore

Description: Browser may be spoofed by an attacker and this may lead to

Justification: <no mitigation provided>

Short Spoofing is when a process or entity is something other than

10. Cross Site Scripting [State: Not Started] [Priority: High]

Description: The web server 'Web Server APP1' could be a subject to a

Short Tampering is the act of altering the bits. Tampering with a

11. Elevation Using Impersonation [State: Not Started] [Priority: High]

Description: Web Server APP1 may be able to impersonate the context

Justification: <no mitigation provided>

Short A user subject gains increased capability or privilege by

Justification: <no mitigation provided>

Short A user subject gains increased capability or privilege by

Description: Browser may be able to remotely execute code for Web

Justification: <no mitigation provided>

Short A user subject gains increased capability or privilege by

Description: An external agent interrupts data flowing across a trust

Justification: <no mitigation provided>

Short Denial of Service happens when the process or a datastore

Justification: <no mitigation provided>

Short Denial of Service happens when the process or a datastore

Description: Data flowing across HTTP may be sniffed by an attacker.

Justification: <no mitigation provided>

Short Information disclosure happens when the information can be

Justification: <no mitigation provided>

Short Repudiation threats involve an adversary denying that

Description: Data flowing across HTTP may be tampered with by an

Justification: <no mitigation provided>

Short Tampering is the act of altering the bits. Tampering with a

Description: Web Server APP1 may be spoofed by an attacker and this

Justification: <no mitigation provided>

Short Spoofing is when a process or entity is something other than

Description: An external agent interrupts data flowing across a trust

Justification: <no mitigation provided>

Short Denial of Service happens when the process or a datastore

Justification: <no mitigation provided>

Short Repudiation threats involve an adversary denying that

22. Spoofing of the Browser External Destination Entity [State: Not

Description: Browser may be spoofed by an attacker and this may lead to