What is threat modeling, and why do we need it?
What is an attack vector, and why does it matter?
Threat Modelling
Threat modeling is a process of mapping out the potential security flaws or vulnerabilities of an application by reasoning about its specific functionality. The mapping of security flaws may cover the following cases:
- User-driven functionality
- Business logic
- Software package version installed on the system
The threat model is essentially built around the application, usually as a mind-map diagram in a tool like FreeMind (not necessarily; an Excel sheet works too).
Threat modeling is carried out by listing the aforementioned cases, the use cases, the abuser cases, and a mind map of the attack vectors.
So the question is: what are use cases, abuser cases, and attack vectors?
A use case is exactly what a legitimate user can do with the application.
An abuser case is everything a non-legitimate user can do to abuse it.
An attack vector is the kind of attack that can be placed over an abuser case.
Example:
Suppose an application has functionality such as login (manager/normal user), file upload, and so on.
I can write the use cases for this functionality as follows:
- User can log in to the application
- User can upload a file
At the same time, the abuser cases for this functionality would be:
- An abuser can impersonate users
- An abuser can try to log in continuously
- An abuser can upload any file
Depending on the functionality, the number of abuser cases derived from the use cases may be considerably higher.
A threat model will help security enthusiasts cover all the security flaws of an application.
Attack Vectors
An attack vector is a pre-defined attack method that can be placed over an abuser case, so that penetration tests can be performed in a structured flow without confusion (which doesn't mean the tester can penetrate easily).
Most of us are familiar with attack vectors and attacks like the following:
- Privilege Escalation: Session Attacks, Brute force, Default Login, etc.
- Injection: SQL Injection, XSS, CSRF
- Unrestricted File Upload: Reverse shell, DDoS, Malware
Vulnerabilities may differ based on the functionality:
SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Server-Side Request Forgery, XML External Entity, DDoS, and so on (we can add as many as possible, based on the tactics).
Attack vectors are then mapped onto the aforementioned abuser cases.
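The use case / abuser case / attack vector mapping described above, expressed as data rather than a picture, as an added example that is not part of the original post. It uses the login and upload functionality and the attack vectors from this write-up, exports the model as a FreeMind mind map (nested `<node TEXT="...">` elements; the `version` attribute value is an assumption), and flags abuser cases that have no attack vector mapped yet, which is where the model is still incomplete.

```python
"""Threat model as data: use cases -> abuser cases -> attack vectors."""
from dataclasses import dataclass, field
import xml.etree.ElementTree as ET


@dataclass
class AbuserCase:
    text: str
    vectors: list = field(default_factory=list)  # attack vectors placed over this case


@dataclass
class UseCase:
    text: str
    abuser_cases: list = field(default_factory=list)


# Constructed sample model for the login / file-upload application in the post.
MODEL = {
    "Login (manager / normal user)": UseCase("User can log in to the application", [
        AbuserCase("Abuser can impersonate users", ["Session attacks", "Default login"]),
        # Left unmapped on purpose to show the gap check; the post maps it to brute force.
        AbuserCase("Abuser can try logging in continuously", []),
    ]),
    "File upload": UseCase("User can upload a file", [
        AbuserCase("Abuser can upload any file", ["Reverse shell", "Malware", "DDoS"]),
    ]),
}


def gaps(model):
    """Return the abuser cases that still have no attack vector mapped.

    These are the spots where testing cannot yet be planned; the note at the
    end of the post says the list is extended in parallel while testing."""
    return [ac.text for uc in model.values() for ac in uc.abuser_cases if not ac.vectors]


def to_freemind(model, app="Sample application"):
    """Serialise the model to FreeMind .mm XML: app -> feature -> use case ->
    abuser case -> attack vector, one nested <node TEXT=...> per level."""
    root = ET.Element("map", version="1.0.1")  # assumed FreeMind map version
    app_node = ET.SubElement(root, "node", TEXT=app)
    for feature, uc in model.items():
        feat = ET.SubElement(app_node, "node", TEXT=feature)
        use = ET.SubElement(feat, "node", TEXT="Use case: " + uc.text)
        for ac in uc.abuser_cases:
            abuse = ET.SubElement(use, "node", TEXT="Abuser case: " + ac.text)
            for vector in ac.vectors:
                ET.SubElement(abuse, "node", TEXT="Attack vector: " + vector)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(to_freemind(MODEL))
    print("Unmapped abuser cases:", gaps(MODEL))
```

Save the printed XML with a `.mm` extension and FreeMind opens it as the mind map the post describes; an empty `gaps()` result is the completeness check before testing starts.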
Generally
I would like to mention that threat modelling is child's play for a hacker/attacker/researcher; it is mapped as a "what attack, and where can it apply" policy, and it depends on the mindset of the hacker.
The complete threat model in mind-map form looks like the image below.
Happy hacking!!
Note: Threat modelling and attack vectors neither promise a security flaw nor guarantee a vulnerability, and the list can be extended in parallel while we test.
I haven't written this purely on a technical basis (we would all include STRIDE; STRIDE is mentioned in the previous mind-map image); it's basically a tactics-based write-up.