Skip to main content

Software Design - An infosec angle

Software design is the important stage where the code is really put to work to deliver or build an business function and application. This is a stage where the SRS (Software Requirements Specifications) is finalized and signed off for design and development.

The major difficult in software design is to incorporate the business requirements as well as do threat modeling to understand the attack surface of the applications. Many applications do not show up problems in regular normal use but show up funny ways of responding when provided with a different input or action not generally considered as part of the application design.
The major areas that a threat model derived needs to address are – The Microsoft STRIDE model provides the following areas to be addressed as part of the design.

1. Spoofing
2. Tampering
3. Repudiation
4. Information Disclosure
5. Denial of Service
6. Elevation of Privilege
7. Integrity of Data

Even though all aspects are not covered most of them are covered in the above threat model. The best way to go about is to break the applications into the different threat vectors and address each one of them.

Each process, data store and elements that are part of the application design are specifically vulnerable to one of the vectors. A matix is prepared addressing each of the vectors’ effect on the application. All elements including web services, people who use the systems and the end points where data is handed over to another application are places of vulnerability. Once we map all the data flows from the application - In the form of a map , we identify areas that are possibly vulnerable to say Information Disclosure, and may have a threat profile associated with it.
The mapping will be very crucial to the way the application is designed. It always helps to think in the same way as a would be attacker does. In this way the model as it evolves will replicate a real threat scenario and the way an attack may be carried out. This is also one of the main reasons to differentiate between the design team and the team that threat models. This removes any bias the developer has for his system and is modeled in such a way that every aspect that can be exploited is tested thoroughly.

Though it is easier to write about threat modeling, it is an evolving science and needs to be modified in line with when it is required, new attack parameters are found and newer vectors are discovered, as they do the threat model that is used for design of the software needs to keep in tow with the evolving threat vectors

Comments

Popular posts from this blog

Where are we headed ... A crystal ball into Cybersecurity in the next five years .. Are we ready?

  The future of Cyber Security: Trends and Predictions for the Next 5 years The field of cybersecurity is constantly evolving, and the threats are only getting more sophisticated. In the next five years, we can expect to see a number of trends emerge in the field of cybersecurity, including: The rise of artificial intelligence (AI). AI is already being used by cybercriminals to develop more sophisticated and targeted attacks. As AI continues to develop, it is likely that cybercriminals will be able to use it to even greater effect. The increasing use of cloud computing. Cloud computing has many benefits, but it also introduces new security challenges. Cloud-based data is often more vulnerable to attack than data that is stored on-premises. The growth of the Internet of Things (IoT). The IoT is connecting billions of devices to the internet, which creates a vast new attack surface for cybercriminals. IoT devices are often poorly secured, making them easy targets for attack. The shor...

The Shifting Landscape of Knowledge and the Nobel Prize

Our recent conversation sparked some interesting thoughts about the prestigious Nobel Prize and the distribution of its recipients across the globe. Inspired by a user's search history, we delved into the fascinating patterns and potential implications of who gets recognized for groundbreaking achievements. The initial point of discussion centered on the user's search activity, which revealed an interest in various scientific and technological topics, as well as a specific search for "Nobel Prize winners by country." This led us to explore the geographical distribution of Nobel laureates, and a question arose: why does it seem that certain schools and countries, particularly in the West, have a higher representation? We considered several factors that might contribute to this observation: Historical Dominance in Science: Historically, Western nations have often been at the forefront of scientific research due to earlier investments and established infrastructure. V...

Red Team Blue Team Exercises - A Roadmap to follow to test the efficacy of controls

  Scenario 1: Phishing Attack Red Team Playbook Day 1: Send out phishing emails to the blue team. Monitor the blue team's response. Day 2: Analyze the blue team's response and identify any vulnerabilities. Report the findings to the blue team. Blue Team Playbook Day 1: Train employees on how to identify and avoid phishing emails. Monitor for phishing emails. Day 2: Analyze the phishing emails sent by the red team. Identify any vulnerabilities in the organization's phishing detection and response processes. Develop a plan to improve the organization's phishing detection and response processes. Analysis The red team's phishing attack was successful in getting several employees to click on the phishing links. This shows that the organization needs to improve its employee training on phishing awareness. The blue team was able to identify and contain the phishing attack, but it took them several hours to do so. This shows that the organization needs to improve its phishi...