- Weakness: software defect (or bug)
- Vulnerability: software weakness that can be exploited
Attack: 3 different properties
- Target: something of value
- Attack Vector: the means used to reach the target
- Threat Actor: the one carrying out the attack
- Attack Surface: anything that can be obtained, used or attacked by a threat actor.
Risk = Impact \(\times\) Likelihood
- Impact: the negative outcome of an attack
- Likelihood: the probability of something happening
- Attack Tree: A tree structure that represents attacks against a system. The root node represents the goal of the attacker and the leaf nodes represent the different ways to achieve that goal (see example below)
Attack Library: Detailed list of attacks against a system. Note: don't rely solely on attack libraries to threat model; they are narrow in focus. Every application has unique qualities that generalized attack libraries can't predict.
- CAPEC: MITRE's Common Attack Pattern Enumeration and Classification
- OWASP Top10: Web application risks
Simple Attack Tree
- Sensitive data breach (root: attacker's goal)
  - SQL Injection
    - Queries not parameterized
    - Input not validated
    - Inputs not sanitized
    - No Object Relation Mapper (ORM) used
  - Exposed Files
    - Public S3 bucket
  - Privilege escalation
    - Improper access control
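The attack tree above and the Risk = Impact × Likelihood formula can be combined into a small tool that ranks the leaf weaknesses by the risk of the path they enable and shows how much risk a fix removes. The following Python is an added example, not part of the original notes: the tree's node names come from the page, but every likelihood value and the impact figure are constructed placeholders, and `AttackNode`, `attack_paths`, `rank_by_risk` and `mitigate` are names chosen here.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class AttackNode:
    """One node of an attack tree: the root is the attacker's goal,
    the leaves are the concrete weaknesses that enable it."""
    name: str
    likelihood: float = 1.0                 # constructed estimate that this step succeeds (0..1)
    children: List["AttackNode"] = field(default_factory=list)


def simple_attack_tree() -> AttackNode:
    """The page's 'Simple Attack Tree'. Likelihood numbers are constructed
    placeholders for illustration, not figures from the page."""
    return AttackNode("Sensitive data breach", children=[
        AttackNode("SQL Injection", 0.6, [
            AttackNode("Queries not parameterized", 0.5),
            AttackNode("Input not validated", 0.4),
            AttackNode("Inputs not sanitized", 0.4),
            AttackNode("No Object Relation Mapper (ORM) used", 0.3),
        ]),
        AttackNode("Exposed Files", 0.5, [
            AttackNode("Public S3 bucket", 0.7),
        ]),
        AttackNode("Privilege escalation", 0.3, [
            AttackNode("Improper access control", 0.5),
        ]),
    ])


def attack_paths(node: AttackNode, prefix=None) -> List[List[AttackNode]]:
    """Enumerate every root-to-leaf path; each leaf is one way to reach the goal."""
    prefix = (prefix or []) + [node]
    if not node.children:
        return [prefix]
    paths = []
    for child in node.children:
        paths.extend(attack_paths(child, prefix))
    return paths


def path_likelihood(path: List[AttackNode]) -> float:
    """Every step on the path must succeed, so the step likelihoods multiply
    (steps are treated as independent, a simplifying assumption)."""
    p = 1.0
    for n in path:
        p *= n.likelihood
    return p


def rank_by_risk(root: AttackNode, impact: float) -> List[Tuple[str, float]]:
    """Risk = Impact x Likelihood for each attack path, highest risk first."""
    ranked = [(" -> ".join(n.name for n in path), impact * path_likelihood(path))
              for path in attack_paths(root)]
    return sorted(ranked, key=lambda t: t[1], reverse=True)


def walk(node: AttackNode):
    yield node
    for child in node.children:
        yield from walk(child)


def mitigate(root: AttackNode, weakness: str) -> int:
    """Model fixing a weakness: its likelihood becomes 0, so every path through it
    drops to zero risk. Returns how many nodes were mitigated."""
    hit = 0
    for n in walk(root):
        if n.name == weakness:
            n.likelihood = 0.0
            hit += 1
    return hit


if __name__ == "__main__":
    tree = simple_attack_tree()
    impact = 10.0                           # constructed impact score for a data breach
    for path, risk in rank_by_risk(tree, impact):
        print(f"{risk:5.2f}  {path}")
    mitigate(tree, "Public S3 bucket")      # e.g. bucket made private
    print("after mitigation, top path:", rank_by_risk(tree, impact)[0])
```

Re-running `rank_by_risk` after each `mitigate` call is a cheap way to decide which weakness to fix first: the fix that removes the highest-risk path wins, which is the prioritisation the Risk formula is meant to support.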