http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=13
so basically, you're saying that, I'm saying that
when an application is in the design stage
or when you are about to do threat analysis, hopefully this is still in the design stage.
you should have full knowledge of this background
or at least as much knowledge as possible
and there's too much knowledge, also a handful, so you know
you want to have as much knowledge as a... from a security perspective focus
sit with the developers, talk to them, get the knowledge
** them
decompose the application
so break the application into major chunks
you can either break it into individual component types
by the entry point, trust point
you can break it into the application architecture level itself
uh.. what is an application architecture?
authentication, authorization, session management,
you break the application into these specific areas
ok
once you have these specific areas
you can isolate them and you can focus *** problem or **** perspective
you can say ok, this person is good at authentication stuff
so and crypto stuff
so let's get him going* in that authentication and crypto level
you can separate it and you have actual physical separation of reviewing code
right now what happens typically is they hire ten people to review the code
everybody is reviewing it, it's pretty bizarre
if you actually break it down into separate chunks it might become easier
the other matter that you can do is break it into individual components
identify all entry points, the network accessible, locally accessible
and identify the trust levels
this is typically what Microsoft recommends
so modeling the ar... modeling the system itself
this is the third level
you can either do it at the third process stage
you can either draw dataflow diagrams
what are dataflow diagrams?
it's just a graphical representation of your entire data
how it's flowing from start to finish
I'm sure all of you know uh.. the details of dataflow diagrams ****
and then do a detailed analysis of the determined threats
this is the part where, again, it's the single biggest challenge in my mind
you have to figure out what the possible dangers are to the application
so far we have not touched the code
we are still thinking from a threat analysis point of view
I just want to keep that.. keep that in your mind right now
and figure out what is a vulnerability?
vulnerability is when a threat is susceptible to an attack
it is not *** attack, but it could be an attack
ok
something might be a threat but it might not be a vulnerability
but every vulnerability has to be a threat
it's an unmitigated threat
that's what a vulnerability is
and if you have not thought of the threat beforehand,
it is likely that it would turn into a vulnerability
because you have obviously not level confirmations to accept*
so here are a couple of definitions
which are from dictionary.com and Writing Secure Code
talking about the difference between threats, risks, and vulnerabilities
so, basically a threat is a malicious entity that might try to attack
I think I made some mistakes over there.. a malicious
a threat does not constitute a vulnerability
and basically it is something that could be exploited but we don't have information about it
ok?
risks, something might go wrong
and finally, vulnerability is, definitely, there is a weakness which has or has not yet been exploited
ok
assigning values to all the threats that you bigger doubt
this is the second most important part of threat analysis
a pre-source code review
so Microsoft came out with the standard DREAD model, you know
figure out damage, reproducibility, exploitability and assign a number between one to ten
um...
when I used to teach classes on writing secure code or source code reviews
we used to go under DREAD modeling and everyone used to ask me this question
which I had a lot of difficulty answering
how do you assign a value to damage potential or any of these between one and ten?
how do you figure it out, is there a standard?
and unfortunately there is information about it
but it's pretty much pulling it out of your behind
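The decomposition into entry points and trust levels, the "vulnerability is an unmitigated threat" distinction and the DREAD 1-to-10 rating described in the talk, as an added Python example that is not part of the talk or of the original post. The application, its entry points and the threat ratings are constructed sample data; the plain five-way average and the strict 1..10 range check are assumptions of this example, not rules from the talk.

```python
from dataclasses import dataclass, field

# The five DREAD categories: Damage, Reproducibility, Exploitability,
# Affected users, Discoverability. The talk names the first three.
DREAD_FIELDS = ("damage", "reproducibility", "exploitability",
                "affected_users", "discoverability")


@dataclass
class Threat:
    """One threat found while decomposing the application (constructed data)."""
    name: str
    entry_point: str            # where the attacker reaches the app, e.g. "network:/login"
    trust_level: str            # who can reach that entry point: anonymous / user / admin
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int
    mitigations: list = field(default_factory=list)

    def __post_init__(self):
        # DREAD ratings are 1..10; refuse to rank anything outside that range (assumption)
        for f in DREAD_FIELDS:
            v = getattr(self, f)
            if not isinstance(v, int) or not 1 <= v <= 10:
                raise ValueError(f"{self.name}: {f}={v!r} is not in 1..10")

    def dread_score(self) -> float:
        """Plain average of the five ratings (one common convention, assumed here)."""
        return sum(getattr(self, f) for f in DREAD_FIELDS) / len(DREAD_FIELDS)

    def is_vulnerability(self) -> bool:
        """Per the talk: a vulnerability is an unmitigated threat."""
        return not self.mitigations


def rank_vulnerabilities(threats):
    """Keep only unmitigated threats, highest DREAD score first."""
    vulns = [t for t in threats if t.is_vulnerability()]
    return sorted(vulns, key=lambda t: t.dread_score(), reverse=True)


# Constructed sample threats for a hypothetical web application.
SAMPLE_THREATS = [
    Threat("SQL injection via login form", "network:/login", "anonymous",
           9, 8, 7, 9, 6, mitigations=["parameterized queries"]),
    Threat("Predictable session token", "network:/login", "user", 8, 6, 5, 8, 4),
    Threat("Stack traces shown in error pages", "network:/*", "anonymous", 3, 10, 9, 5, 9),
    Threat("World-readable config holding DB password", "local:app.conf", "local user",
           7, 9, 4, 2, 5),
]

if __name__ == "__main__":
    for t in rank_vulnerabilities(SAMPLE_THREATS):
        print(f"{t.dread_score():4.1f}  {t.trust_level:<10} {t.entry_point:<16} {t.name}")
```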
Hit : 1743 Date : 2011/05/09 04:49