|An ordinary user stumbles across a functional mistake in your application, just using a web browser, and gains access to privileged information or functionality
|Programs or scripts, which are searching for known vulnerabilities, and then report them back to a central collection site.
|The Curious Attacker
|A security researcher or ordinary user, who notices something wrong with the application, and decides to pursue further.
|Common renegades, seeking to compromise or deface applications for collateral gain, notoriety, or a political agenda
|The Motivated Attacker
|Potentially, a disgruntled staff member with inside knowledge or a paid professional attacker
|Criminals seeking high stake payouts, such as cracking e-commerce or corporate banking applications, for financial gain.
- Denial of Service Attacks
- Environmental/Infrastructure Threats
The threats that you should be concernd about normally reflect the classification of the data that your application processes. For example if you are developing an online bank, you will need to have particular measures in place to tackle the last two OWASP threat types, Motivated Attacker and Organized Crime. However if your application is processing publicly available information such as product data, then it is unlikely that Organized Crime will be interested. You will mainly be concerned about the first four threat types.
The threats that you are worried about will also influence the level of assurance that you want to have in your development. For the first four threat types, you might decide that assurance to OWASP ASVS level 1 is sufficient. For the other threat types, higher levels of ASVS assurance may be required.
Many breaches result from loss of unprotected portable devices (USB memory sticks, laptops etc.) . If your application contains functionality which depends on the use of these type of devices, then this could well be your biggest source of accidental threat. That is why it is well worth while drawing some Data Flow Diagrams to find out where the data is going within the application - and outside.
Normal good secure development lifecycle practices should protect you against the first four OWASP threat types. For example proper implementation of SQL injection mitigation controls (stored procedures etc.) will prevent mass SQL Injection type attacks from being successful.
Motivated Attacker - Insider ThreatIt is difficult to protect against an "insider attack". It is not easy to stop your DBA walking away with the entire corporate database. Bruce Schneier outlines five basic techniques to help mitigate the insider attack:
- Limit the number of trusted people.
- Ensure that trusted people are also trustworthy - Background checks
- Limit the amount of trust each person has - Compartmentalization
- Give people overlapping spheres of trust -Separation of duties
- Detect breaches of trust after the fact and prosecute the guilty - Audit Trails