the network access, as Web applications are exploited only via network access, either from inside
the organization or from outside the organization.
5.4.3.4 Threat Outcome
Threat outcome is one of the most important concepts in our understanding of threats. Threat
outcome refers to the ultimate result of a threat identifying and exploiting a given vulnerability in
a system. The outcome revolves around the CIA Triad. When a threat actor exploits a
vulnerability, the result is always one or more of the following:
Loss of confidentiality
Loss of integrity
Loss of availability
When a hacker gains access to an organization's user database via a SQL injection attack, he
will have access to customer details and other sensitive information. In this situation, the
hacker (threat actor) gains access to the data via the Internet using a browser (threat access) and
steals user details and other sensitive information of customers from the organization's user
database, resulting in a loss of confidentiality (threat outcome). Furthermore, if the hacker accesses
the database and is able to modify certain values in the database tables, the threat outcome would
now amount to loss of integrity. Figure 5.7 illustrates the relationships between the various threat
concepts.
5.4.4 Threat Profiling and Threat Modeling
Understanding threats and their outcomes requires an important set of activities to be performed
as part of the risk assessment. A comprehensive understanding of threats and their effects is
imperative to develop a clear and effective protection strategy to counter the multifarious threats that
might actively exploit vulnerabilities in a Web application, as and when they are identified. The
following two processes are essential for a detailed understanding of threats and their outcomes:
Figure 5.7 Diagram for understanding concepts of threat analysis (Threats-Conceptual Relationship Model: Threat Actor uses Threat Access to exploit and provide Threat Outcome).
 