Application Threat Modeling: Types Of Threats

Here's a small classification of the types of threats considered in application threat modeling. It was earlier presented at SACON (International Security Architecture Conference) by Nilanjan De [multiple patents, zero-day discovery, Co-Founder at FireCompass].


Types Of Threats:

  • Network
  • Host
  • Application

Threats Against The Network

  • Information Gathering
    • Port Scanning
    • Using traceroute to map network topology
    • Using broadcast requests to enumerate subnet hosts

  • Eavesdropping
    • Using packet sniffers to steal passwords

  • Denial Of Service (DoS)
    • SYN floods
    • ICMP echo request floods
    • Malformed packets

  • Spoofing
    • Packets with spoofed source addresses



Threats Against The Host

  • Arbitrary Code Execution
    • Buffer overflows in ISAPI DLLs (e.g. MS01-033)
    • Directory Traversal Attacks (MS00-078)

  • File Disclosure
    • Malformed HTR requests (MS01-031)
    • Virtualized UNC share vulnerability (MS00-019)

  • Denial Of Service (DoS)
    • Malformed SMTP requests (MS02-012)
    • Malformed WebDAV requests (MS01-016)
    • Malformed URLs (MS01-012)
    • Brute-force file uploads

  • Unauthorized Access
    • Resources with insufficiently restrictive ACLs
    • Spoofing with stolen login credentials

  • Exploitation Of Open Ports & Protocols
    • Using NetBIOS and SMB to enumerate hosts
    • Connecting remotely to SQL Server



Threats Against The Application

  • SQL Injection
    • Including a DROP TABLE command in text typed into an input field

  • Cross-Site Scripting (XSS)
    • Using malicious client-side script to steal cookies

  • Hidden-Field Tampering
    • Maliciously changing the value of a hidden field

  • Eavesdropping
    • Using a packet sniffer to steal passwords and cookies from traffic on unencrypted connections

  • Session Hijacking
    • Using a stolen session ID cookie to access someone else's session state

  • Identity Spoofing
    • Using a stolen forms authentication cookie to pose as another user

  • Information Disclosure
    • Allowing the client to see a stack trace when an unhandled exception occurs
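
The hidden-field tampering item above, worked through as an added example that is not part of the original presentation: a checkout handler that trusts a bare hidden price field, beside one that round-trips the field as value|HMAC so any client-side edit is rejected. The server key, field name and prices are constructed for the demo.

```python
import hmac
import hashlib
from typing import Optional

# Constructed demo key: a real deployment loads this from server-side
# configuration and never sends it to the client.
SERVER_KEY = b"constructed-demo-key-replace-in-production"

def _mac(name: str, value: str) -> str:
    # Bind the field name as well as the value, so a validly signed value
    # for one field cannot be replayed in another.
    return hmac.new(SERVER_KEY, f"{name}={value}".encode(), hashlib.sha256).hexdigest()

def render_unprotected_form(unit_price_cents: int) -> dict:
    """Vulnerable pattern: the price goes to the client as a bare hidden field."""
    return {"price": str(unit_price_cents)}

def trusting_total(form: dict, qty: int) -> int:
    """Vulnerable handler: whatever comes back in the hidden field is believed."""
    return int(form["price"]) * qty

def render_protected_form(unit_price_cents: int) -> dict:
    """Hardened pattern: the hidden field is value|HMAC, so edits are detectable."""
    value = str(unit_price_cents)
    return {"price": f"{value}|{_mac('price', value)}"}

def verified_total(form: dict, qty: int) -> Optional[int]:
    """Hardened handler: None means the MAC failed and the request must be rejected."""
    value, sep, mac = form.get("price", "").rpartition("|")
    if not sep or not hmac.compare_digest(mac, _mac("price", value)):
        return None
    return int(value) * qty

def edited_submission(form: dict, new_price: str) -> dict:
    """Constructed client-side edit of the hidden field before the form is posted."""
    return {**form, "price": new_price}

if __name__ == "__main__":
    plain = render_unprotected_form(4999)
    print("trusting handler:", trusting_total(edited_submission(plain, "1"), 3))  # 3
    signed = render_protected_form(4999)
    print("verified, untouched:", verified_total(signed, 3))                      # 14997
    print("verified, edited:", verified_total(edited_submission(signed, "1"), 3))  # None
```

For an authoritative value like a price, the simplest mitigation is to not round-trip it through the client at all and look it up server-side by product id; the MAC pattern covers values that genuinely must travel with the form.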



References:

You can view the full presentation here

SACON is the only International Conference On Security Architecture in the region. Who attends: CISO, CRO, CIO, Information Security Experts, IT Risk Professionals, AppSec professionals. The agenda includes SOC, Incident Response, Security Architecture Workshops, Cyber Range Drills, Threat Hunting, IoT Security, Forensics, AI & Machine Learning, Deception & much more. Click here to Pre-Register.
