6.3.2 Threat Modeling
As we already know, the threat-modeling process aims at answering the how part of a threat, to
understand the threats and their effects on a Web application and its environment. While threat
profiling is a basic understanding of the threats and their potential effects on the Web application,
threat modeling is a technical phase that details the various vulnerabilities and exploits
to understand how the critical information assets in the Web application may be breached. The
threat-modeling phase also aims at capturing the impact of the exploit by recording its
severity and ease of attack. This information is required later, when an appropriate protection
strategy for the Web application is framed. Let us now explore the threat models for a single
threat profile identified by Panthera. The threat models are categorized by the severity
of the exploit. The high-severity threat models for the threat profile are listed in Table 6.4. Threat
models for all the other identified threat profiles and scenarios may be developed in a similar
manner.
The medium-severity threat models for the threat profile are listed in Table 6.5, while the low-
severity threat models are listed in Table 6.6.
6.4 Risk Mitigation Strategy—Formulation of Detailed Security
Features for Panthera's e-Commerce Application
A risk mitigation strategy essentially requires that controls for the critical information assets be
ascertained, formulated, and designed based on the results of the threat-profiling and threat-modeling
processes. During the threat-modeling phase, several possible vulnerabilities were listed as
the cause of the exploit scenarios envisioned. Controls need to be designed, developed, and tested
against these vulnerabilities. However, it must be noted that the application design and specifications
might change during the course of the application development life cycle. At these points,
it may be necessary to revisit the risk assessment performed earlier and update it as necessary.
The risk mitigation strategy for Panthera takes into consideration the results of the threat-
modeling process, industry best practices for Web application security, and some of the specific
applicable requirements of the PCI-DSS and PA-DSS, as they are the security compliance
standards applicable to Panthera's business.
6.4.1 Authentication and Authorization
Authentication can be succinctly defined as the mechanism by which systems recognize their
users. Authentication aims at identifying the users of a system, validating whether or not they are
actually part of the system, and ensuring that they are who they claim to be. Authentication is
generally established through the use of "usernames" and "passwords," where the username is used
to identify the user and the password is used as the means of proving the user's identity. The concept
and implementation of authentication and authorization processes will be dealt with in detail in
Chapter 7.
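The following is an added example, not code from the book or from Panthera's application, showing the two halves of the username/password mechanism described above in working form: the username selects the account, and the password is checked as proof of the claimed identity. The storage format (a per-user random 16-byte salt plus a PBKDF2-HMAC-SHA256 hash), the iteration count, the in-memory account store, and the user names are assumptions made for the example; the page itself does not specify how Panthera stores or verifies credentials.

```python
"""
Added example (not from the book): a minimal username/password verifier.

The username identifies the account; the password proves the claim.
Plaintext passwords are never stored, only a per-user random salt and
a PBKDF2-HMAC-SHA256 hash of the password.
"""
import hashlib
import hmac
import os

# Assumed parameters (not specified by the page).  A production
# deployment would store records in a database rather than a dict.
ITERATIONS = 100_000
SALT_BYTES = 16


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash; the same inputs always give the same output."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UserStore:
    """In-memory account store mapping username -> (salt, hash)."""

    def __init__(self):
        self._accounts = {}
        # Dummy salt used when the username is unknown so that a failed
        # lookup costs the same as a failed password check (no user
        # enumeration through response timing).
        self._dummy_salt = os.urandom(SALT_BYTES)

    def register(self, username: str, password: str) -> None:
        if username in self._accounts:
            raise ValueError("username already taken")
        salt = os.urandom(SALT_BYTES)
        self._accounts[username] = (salt, _derive(password, salt))

    def authenticate(self, username: str, password: str) -> bool:
        record = self._accounts.get(username)
        if record is None:
            # Unknown user: still do the PBKDF2 work, then fail.
            _derive(password, self._dummy_salt)
            return False
        salt, stored = record
        # Constant-time comparison of the recomputed hash with the stored one.
        return hmac.compare_digest(_derive(password, salt), stored)

    def stored_hash(self, username: str) -> bytes:
        return self._accounts[username][1]


def demo() -> dict:
    """Constructed sample run: two users, one sharing the other's password."""
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    store.register("bob", "correct horse battery staple")  # same password as alice
    return {
        "alice_ok": store.authenticate("alice", "correct horse battery staple"),
        "alice_wrong": store.authenticate("alice", "Correct horse battery staple"),
        "unknown_user": store.authenticate("mallory", "anything"),
        # Same password, different salts -> different stored hashes.
        "hashes_differ": store.stored_hash("alice") != store.stored_hash("bob"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two details are worth noting for the compliance discussion that follows: the stored hash alone does not reveal the password even when two users share one, because each account has its own salt, and the verifier spends the same effort on an unknown username as on a wrong password so that an attacker cannot tell which of the two failed.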
Based on the threat-modeling process and compliance requirements, authentication and
authorization are key elements in Web application security. Some of the functionality that is to be
incorporated as part of the authentication and authorization mechanism of Panthera's e-commerce
application has been drawn from security compliance requirements and industry best practices,