webshop-design/Threat-Modelling.md

# Target of Evaluation

![alt_text](https://xwiki.kmlabz.com/bin/download/Projektek/UnstableVortex/Threat%20Modeling/WebHome/Target-of-Evaluation.png?rev=1.2)

# Security requirements and objectives

## Security requirements

|                 | Security Requirement                                                   | Security Objective              |
|-----------------|------------------------------------------------------------------------|---------------------------------|
| Confidentiality | Personal data of users must be protected from external entities        | Data encryption, access control |
| Confidentiality | Only registered users should be able to upload and download CAFF files | Data encryption, access control |
| Confidentiality | Only registered users should be able to write comments for CAFF files  | Data encryption, access control |
| Integrity       | Regular users should not be able to modify or delete data.             | Access control                  |
| Availability    | The webshop should be usable with all modern browsers                  | Browser support                 |
| Authentication  | Users should be able to register                                       | User authentication mechanism   |
| Authorization   | Only administrators should be able to modify or delete data.           | Administrator privileges        |
| Authorization   | Only administrators can view the purchases of other users              | Administrator privileges        |
| Auditing        | Sign in attempts must be recorded                                      | Logging facilities              |

# Threat assessment

## Assets

Physical:

*   ‒

Human:

*   Users

Logical:

*   CAFF files
*   Personal data of users
*   Login credentials

![alt_text](https://xwiki.kmlabz.com/bin/download/Projektek/UnstableVortex/Threat%20Modeling/WebHome/Full-system.png?rev=1.1)

## Use Cases

![alt_text](https://xwiki.kmlabz.com/bin/download/Projektek/UnstableVortex/Threat%20Modeling/WebHome/UseCase-diagram.png?rev=1.1)

## Weaknesses - Potential points of attack

*   Request from Frontend to Backend
*   Response from Backend to Frontend
*   Data flow between Backend and User Database
*   Data flow between Backend and Image Database

## Possible attack interfaces

*   Compromised credentials
*   Weak and stolen passwords
*   Malicious insiders
*   Missing or poor encryption
*   Misconfiguration
*   Distributed Denial of Service
*   Phishing

## Attack methods - Threat agents

*   **Script kiddie** ‒ Since we are not dealing with sensitive information and the webshop is not an essential service, the most likely attacker is a script kiddie. They could do a phishing attack and intrude the system. They could also exploit weak passwords.
*   **Disgruntled employee** ‒ An employee might have credentials and a deeper understanding of the system to do some damage or steal data.
*   **Cyber crime organization** ‒ It is not likely but possible that a cyber crime organization tries to steal passwords hoping that some users use the same password on other websites.

# Risk assessment

| Item Number | Observation                              | Likelihood | Impact | Risk Rating |
|-------------|------------------------------------------|------------|--------|-------------|
|           1 | User passwords can be guessed or cracked | High       | Medium | High        |
|           2 | DDOS attack                              | Low        | High   | Medium      |
|           3 | Accidental file deletion/modification    | Medium     | High   | High        |

# Identify countermeasures

1. Enforce minimum passwrd length
2. Monitor the firewall
3. Monitor permissions, previleged users and backups