|Accidental Discovery||An ordinary user stumbles across a functional mistake in your application, just using a web browser, and gains access to privileged information or functionality|
|Automated Malware||Programs or scripts, which are searching for known vulnerabilities, and then report them back to a central collection site.|
|The Curious Attacker||A security researcher or ordinary user, who notices something wrong with the application, and decides to pursue further.|
|Script Kiddies||Common renegades, seeking to compromise or deface applications for collateral gain, notoriety, or a political agenda|
|The Motivated Attacker||Potentially, a disgruntled staff member with inside knowledge or a paid professional attacker|
|Organized Crime||Criminals seeking high stake payouts, such as cracking e-commerce or corporate banking applications, for financial gain.|
- Denial of Service Attacks
- Environmental/Infrastructure Threats
The threats that you should be concernd about normally reflect the classification of the data that your application processes. For example if you are developing an online bank, you will need to have particular measures in place to tackle the last two OWASP threat types, Motivated Attacker and Organized Crime. However if your application is processing publicly available information such as product data, then it is unlikely that Organized Crime will be interested. You will mainly be concerned about the first four threat types.
The threats that you are worried about will also influence the level of assurance that you want to have in your development. For the first four threat types, you might decide that assurance to OWASP ASVS level 1 is sufficient. For the other threat types, higher levels of ASVS assurance may be required.
Many breaches result from loss of unprotected portable devices (USB memory sticks, laptops etc.) . If your application contains functionality which depends on the use of these type of devices, then this could well be your biggest source of accidental threat. That is why it is well worth while drawing some Data Flow Diagrams to find out where the data is going within the application - and outside.
Normal good secure development lifecycle practices should protect you against the first four OWASP threat types. For example proper implementation of SQL injection mitigation controls (stored procedures etc.) will prevent mass SQL Injection type attacks from being successful.
Motivated Attacker - Insider ThreatIt is difficult to protect against an "insider attack". It is not easy to stop your DBA walking away with the entire corporate database. Bruce Schneier outlines five basic techniques to help mitigate the insider attack:
- Limit the number of trusted people.
- Ensure that trusted people are also trustworthy - Background checks
- Limit the amount of trust each person has - Compartmentalization
- Give people overlapping spheres of trust -Separation of duties
- Detect breaches of trust after the fact and prosecute the guilty - Audit Trails
Organized CrimeIf you are worried about Organized Crime, then you probably already work for an organization (e.g. bank) who has appropriate measures in place.Use these.
Denial Of Service Attacks (DOS)DOS attacks against organisations are becoming more popular especially against political type bodies. You will know whether you are likely to be a target for such attacks. Brian Honan has some general advice on his blog about what to do. An important point is to have a relationship with your ISP.
Environmental/Infrastructure ThreatsOther threats which could cause a problem are hardware/infrastructure type issues which impact on availability. If a hard disk crashes, or there is a flood or a power outage, what measures are in place to get the application online again? Depending on the organization that you work for, you may already have procedures in place to handle these types of situations. Having a good backup/restore plan (which has been tested) is usually a good starting point.
SummaryWhen starting out on your development, think about the threats which you may face. Good secure development practices should prevent the most common types of application security threats.
Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot
Post a Comment