webshop-design/Threat-Modelling.md
2020-10-16 12:06:19 +02:00

3.7 KiB
Raw Blame History

Target of Evaluation

alt_text

Security requirements and objectives

Security requirements

Security Requirement Security Objective
Confidentiality Personal data of users must be protected from external entities Data encryption, access control
Confidentiality Only registered users should be able to upload and download CAFF files Data encryption, access control
Confidentiality Only registered users should be able to write comments for CAFF files Data encryption, access control
Integrity Regular users should not be able to modify or delete data. Access control
Availability The webshop should be usable with all modern browsers Browser support
Authentication Users should be able to register User authentication mechanism
Authorization Only administrators should be able to modify or delete data. Administrator privileges
Authorization Only administrators can view the purchases of other users Administrator privileges
Auditing Sign in attempts must be recorded Logging facilities

Threat assessment

Assets

Physical: there are no physical assets

Human:

  • Users

Logical:

  • CAFF files
  • Personal data of users
  • Login credentials

alt_text

Use Cases

alt_text

Weaknesses - Potential points of attack

  • Request from Frontend to Backend
  • Response from Backend to Frontend
  • Data flow between Backend and User Database
  • Data flow between Backend and Image Database

Possible attack interfaces

  • Compromised credentials
  • Weak and stolen passwords
  • Malicious insiders
  • Missing or poor encryption
  • Misconfiguration
  • Distributed Denial of Service
  • Phishing

Attack methods - Threat agents

  • Script kiddie Since we are not dealing with sensitive information and the webshop is not an essential service, the most likely attacker is a script kiddie. They could do a phishing attack and intrude the system. They could also exploit weak passwords.
  • Disgruntled employee An employee might have credentials and a deeper understanding of the system to do some damage or steal data.
  • Cyber crime organization It is not likely but possible that a cyber crime organization tries to steal passwords hoping that some users use the same password on other websites.

Risk assessment

Item Number Observation Likelihood Impact Risk Rating
1 User passwords can be guessed or cracked High Medium High
2 DDOS attack Low High Medium
3 Accidental file deletion/modification Medium High High

Identify countermeasures

  1. Enforce minimum password length
  2. Monitor the firewall
  3. Monitor permissions, privileged users and backups