Presented by:
Raúl Alberto Avellaneda – Code 79.720.169
Group
233004_12
Director:
LUIS FERNANDO ZAMBRANO
The purpose of this document is to follow, step by step, the collection of the IT inventory
in order to carry out the activity Phase 4 - Practical Threat Modeling Activity. Based on the
knowledge acquired in the previous activities and using the Threat Analysis and Modeling
Tool 2016, the threat modeling is carried out.
Objectives
Activity to carry out
The system is based on a three-tier web application architecture, in which the client is a
browser that accesses the services provided by the billing center's website. The site holds
a database of customers and billing processes, hosted on a database server, and a web
server implements all the business logic.
For the priority, the resulting risk (low, medium or high) is determined from the sum of the
probability and impact ratings, which go from 1 to 3; keep in mind that this evaluation is
done manually.
Finally, three possible safeguards are determined. As an aid for choosing the safeguards to
include in the application to mitigate the threats, the following figure is included:
Threat Description
The remaining threats can be seen in the template (2-Plantilla Ejerc. Raul Avellaneda)
Interaction: Consulta SQL
Category: Elevation of Privilege
Description: Server SQL may be able to impersonate the context of Web Server in order to
gain additional privileges.
Justification:
An attacker may pass data into Server SQL in order to change the flow of program
execution within Server SQL to the attacker's choosing.
Potential process crash or stop for Server SQL: Server SQL crashes, halts, stops or runs
slowly; in all cases violating an availability metric.
Potential data repudiation by Server SQL: Server SQL claims that it did not receive data
from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Interaction: Datos
Justification:
web en disco may be spoofed by an attacker and this may lead to incorrect data being
delivered to Web Server. Consider using a standard authentication mechanism to identify
the source data store.
Persistent Cross Site Scripting: the web server 'Web Server' could be subject to a
persistent cross-site scripting attack because it does not sanitize data store 'web en disco'
inputs and outputs.
Weak Access Control for a Resource: improper data protection of web en disco can allow
an attacker to read information not intended for disclosure. Review authorization settings.
Potential data repudiation by Web Server: Web Server claims that it did not receive data
from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Potential process crash or stop for Web Server: Web Server crashes, halts, stops or runs
slowly; in all cases violating an availability metric.
Interaction: HTTPS
Description: Web Server claims that it did not receive data from a source outside the trust
boundary. Consider using logging or auditing to record the source, time, and summary of
the received data.
Justification:
Spoofing the Browser Client process: Browser Client may be spoofed by an attacker and
this may lead to unauthorized access to Web Server. Consider using a standard
authentication mechanism to identify the source process.
Cross Site Scripting: the web server 'Web Server' could be subject to a cross-site scripting
attack because it does not sanitize untrusted input.
Elevation Using Impersonation: Web Server may be able to impersonate the context of
Browser Client in order to gain additional privileges.
Potential process crash or stop for Web Server: Web Server crashes, halts, stops or runs
slowly; in all cases violating an availability metric.
Interaction: HTTPS
Justification:
Elevation Using Impersonation: Browser Client may be able to impersonate the context of
Web Server in order to gain additional privileges.
Spoofing the Web Server process: Web Server may be spoofed by an attacker and this
may lead to unauthorized access to Browser Client. Consider using a standard
authentication mechanism to identify the source process.
Potential data repudiation by Browser Client: Browser Client claims that it did not receive
data from a source outside the trust boundary. Consider using logging or auditing to record
the source, time, and summary of the received data.
Potential process crash or stop for Browser Client: Browser Client crashes, halts, stops or
runs slowly; in all cases violating an availability metric.
Data flow HTTPS is potentially interrupted: an external agent interrupts data flowing across
a trust boundary in either direction.
Interaction: IPsec
Description: SQL Database may be spoofed by an attacker and this may lead to data being
written to the attacker's target instead of SQL Database. Consider using a standard
authentication mechanism to identify the destination data store.
Potential SQL injection vulnerability for SQL Database: SQL injection is an attack in which
malicious code is inserted into strings that are later passed to an instance of SQL Server
for parsing and execution. Any procedure that constructs SQL statements should be
reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid
queries that it receives. Even parameterized data can be manipulated by a skilled and
determined attacker.
Potential excessive resource consumption for Server SQL or SQL Database: does Server
SQL or SQL Database take explicit steps to control resource consumption? Resource
consumption attacks can be hard to deal with, and there are times that it makes sense to
let the OS do the job. Be careful that your resource requests don't deadlock, and that they
do time out.
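The SQL injection threat on the IPsec flow, shown as an added example that is not part of the original report: a string-built query next to its parameterized form. The invoices table, the function names and the use of SQLite in place of SQL Server are assumptions made so the example runs offline; the sort-column allow-list covers the part of a statement that placeholders cannot bind.

```python
import sqlite3

# Columns a caller may sort by (assumed schema for this example).
ALLOWED_SORT = {"invoice_id", "amount"}


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (invoice_id TEXT, customer TEXT, amount REAL)"
    )
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [
            ("INV-000001", "ana", 120.0),
            ("INV-000002", "luis", 80.0),
            ("INV-000003", "ana", 45.5),
        ],
    )
    return conn


def find_invoices_unsafe(conn, customer):
    """'Before' version: the value is concatenated into the statement text,
    so whatever the caller sends is parsed as SQL."""
    sql = "SELECT invoice_id FROM invoices WHERE customer = '" + customer + "'"
    return [row[0] for row in conn.execute(sql)]


def find_invoices(conn, customer, sort_by="invoice_id"):
    """Hardened version: the value travels as a bound parameter and the
    identifier, which cannot be bound, is checked against an allow-list."""
    if sort_by not in ALLOWED_SORT:
        raise ValueError("sort_by is not an allowed column")
    sql = (
        "SELECT invoice_id FROM invoices "
        f"WHERE customer = ? ORDER BY {sort_by}"
    )
    return [row[0] for row in conn.execute(sql, (customer,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed test value
    print("string-built :", find_invoices_unsafe(db, crafted))
    print("parameterized:", find_invoices(db, crafted))
```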
Interaction: Procesos
Description: Human User may be spoofed by an attacker and this may lead to unauthorized
access to Browser Client. Consider using a standard authentication mechanism to identify
the external entity, Human User.
Justification:
Elevation Using Impersonation: Browser Client may be able to impersonate the context of
Human User in order to gain additional privileges.
Interaction: Respuesta
Description: SQL Database may be spoofed by an attacker and this may lead to incorrect
data being delivered to Server SQL. Consider using a standard authentication mechanism
to identify the source data store, SQL Database.
Justification:
Weak Access Control for a Resource: improper data protection of SQL Database can allow
an attacker to read information not intended for disclosure. Review authorization settings.
Interaction: Respuesta
Description: The web server 'Web Server' could be subject to a cross-site scripting attack
because it does not sanitize untrusted input.
Justification:
Elevation Using Impersonation: Web Server may be able to impersonate the context of
Server SQL in order to gain additional privileges.
Potential data repudiation by Web Server: Web Server claims that it did not receive data
from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Potential process crash or stop for Web Server: Web Server crashes, halts, stops or runs
slowly; in all cases violating an availability metric.
Safeguards
1. SQL impersonation
Impersonation can be resolved by using SQL Server Configuration Manager to change the
domain account to a startup account.
Then use SQL Server Configuration Manager to change the startup account to a domain
account. When you do this, SQL Server Configuration Manager adds the domain account
to the following security group:
SQLServer2005SQLAgentUser$ComputerName$InstanceName
SQL Server Configuration Manager therefore grants the domain account the permissions
required to run the agent jobs.
To resolve the problem, follow these steps:
Set the SQL Server Agent service account in SQL Server Configuration Manager to the
LocalSystem account.
Stop and then start the SQL Server Agent service.
Reset the SQL Server Agent service account in SQL Server Configuration Manager to the
original account.
Stop and then start the SQL Server Agent service.
Malware protections
2. Cross-site scripting
A security solution against malware and exploits must be in place so that, as soon as they
run, they are blocked automatically. In addition, if the attack is a redirect to a phishing
site, the antivirus protection and the proactive blocking done by browsers apply.
Do not trust input
Validate input: length, range, format and type
Constrain, reject and sanitize the information
Encode output
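The four cross-site scripting safeguards above, shown as an added example that is not part of the original report: each field of a billing form is checked for type, length, format and range and rejected on failure, and every value is HTML-encoded when written back to the page. The field names, patterns and limits are assumptions chosen for illustration.

```python
import html
import re
from decimal import Decimal

# Field rules are assumptions for this example (hypothetical billing form).
NAME_RE = re.compile(r"[A-Za-zÀ-ÿ' .-]{1,60}")   # length + allowed characters
INVOICE_RE = re.compile(r"INV-\d{6}")            # fixed format
AMOUNT_RE = re.compile(r"\d{1,7}(\.\d{1,2})?")   # plain decimal text only
MAX_AMOUNT = Decimal("1000000.00")
MAX_NOTE_LEN = 200


class RejectedInput(ValueError):
    """A field failed validation; the request is refused, not repaired."""


def _require_str(form, field):
    value = form.get(field)
    if not isinstance(value, str):               # type check
        raise RejectedInput(f"{field}: expected text")
    return value.strip()


def validate_invoice_form(form):
    """Return a cleaned record or raise RejectedInput."""
    name = _require_str(form, "customer_name")
    if not NAME_RE.fullmatch(name):
        raise RejectedInput("customer_name: bad length or characters")

    invoice_id = _require_str(form, "invoice_id")
    if not INVOICE_RE.fullmatch(invoice_id):
        raise RejectedInput("invoice_id: bad format")

    raw_amount = _require_str(form, "amount")
    if not AMOUNT_RE.fullmatch(raw_amount):
        raise RejectedInput("amount: bad format")
    amount = Decimal(raw_amount)
    if not (Decimal("0") < amount <= MAX_AMOUNT):  # range check
        raise RejectedInput("amount: out of range")

    # Free text cannot be restricted to a safe alphabet, so it is only
    # bounded here and must be encoded wherever it is displayed.
    note = _require_str(form, "note")
    has_control = any(ord(c) < 32 and c not in "\n\t" for c in note)
    if len(note) > MAX_NOTE_LEN or has_control:
        raise RejectedInput("note: too long or control characters")

    return {"customer_name": name, "invoice_id": invoice_id,
            "amount": amount, "note": note}


def render_invoice_row(record):
    """Encode every value on output, including ones read back from storage."""
    cells = (record["customer_name"], record["invoice_id"],
             f"{record['amount']:.2f}", record["note"])
    tds = "".join(f"<td>{html.escape(c, quote=True)}</td>" for c in cells)
    return f"<tr>{tds}</tr>"


if __name__ == "__main__":
    sample = {  # constructed sample input
        "customer_name": "Ana Pérez",
        "invoice_id": "INV-000123",
        "amount": "1250.50",
        "note": "<script>alert(1)</script>",
    }
    print(render_invoice_row(validate_invoice_form(sample)))
```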
Authentication
Do not use the Local Security Authority (LSA)
Avoid storing confidential information in the web space
Use local administration only
Sensitive information
4. Spoofing
Generated report:
Description:
Assumptions:
External Dependencies:
3 Validation Messages:
1. Error [ignored]: More than one arc trust boundary of the same type on the same
data flow.
2. Error [ignored]: More than one arc trust boundary of the same type on the same
data flow.
4 Consulta SQL Diagram Summary:
Not Started 47
Not Applicable 0
Needs Investigation 0
Mitigation Implemented 0
Total 47
Total Migrated 0
5 Interaction: Consulta SQL
1. Elevation Using Impersonation [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Server SQL may be able to impersonate the context of Web Server
in order to gain additional privilege.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
2. Elevation by Changing the Execution Flow in Server SQL [State: Not
Started] [Priority: High]
Category: Elevation Of Privilege
Description: An attacker may pass data into Server SQL in order to change the
flow of program execution within Server SQL to the attacker's
choosing.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
3. Server SQL May be Subject to Elevation of Privilege Using Remote Code
Execution [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Web Server may be able to remotely execute code for Server
SQL.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
4. Data Flow IPsec Is Potentially Interrupted [State: Not Started] [Priority: High]
Category: Denial Of Service
Description: An external agent interrupts data flowing across a trust boundary in
either direction.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
5. Potential Process Crash or Stop for Server SQL [State: Not Started] [Priority:
High]
Category: Denial Of Service
Description: Server SQL crashes, halts, stops or runs slowly; in all cases
violating an availability metric.
Justification: <no mitigation provided>
Dread-damage: Low
Dread-Reproducibility: High
Dread-Exploitability: Low
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
6. Potential Data Repudiation by Server SQL [State: Not Started] [Priority: High]
Category: Repudiation
Description: Server SQL claims that it did not receive data from a source outside
the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
Interaction: Datos
7. Cross Site Scripting [State: Not Started] [Priority: High]
Category: Tampering
Description: The web server 'Web Server' could be a subject to a cross-site
scripting attack because it does not sanitize untrusted input.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: High
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
8. Spoofing of Source Data Store web en disco [State: Not Started] [Priority:
High]
Category: Spoofing
Description: web en disco may be spoofed by an attacker and this may lead to
incorrect data delivered to Web Server. Consider using a standard
authentication mechanism to identify the source data store.
Justification: <no mitigation provided>
Dread-damage: Low
Dread-Reproducibility: Low
Dread-Exploitability: Low
Dread-Affected users: Low
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
9. Persistent Cross Site Scripting [State: Not Started] [Priority: High]
Category: Tampering
Description: The web server 'Web Server' could be a subject to a persistent cross-
site scripting attack because it does not sanitize data store 'web en
disco' inputs and output.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
10. Weak Access Control for a Resource [State: Not Started] [Priority: High]
Category: Information Disclosure
Description: Improper data protection of web en disco can allow an attacker to read
information not intended for disclosure. Review authorization settings.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: High
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
11. Potential Data Repudiation by Web Server [State: Not Started] [Priority:
High]
Category: Repudiation
Description: Web Server claims that it did not receive data from a source outside
the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
12. Potential Process Crash or Stop for Web Server [State: Not Started] [Priority:
High]
Category: Denial Of Service
Description: Web Server crashes, halts, stops or runs slowly; in all cases
violating an availability metric.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
13. Data Flow Datos Is Potentially Interrupted [State: Not Started] [Priority: High]
Category: Denial Of Service
Description: An external agent interrupts data flowing across a trust boundary in
either direction.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
14. Data Store Inaccessible [State: Not Started] [Priority: High]
Category: Denial Of Service
Description: An external agent prevents access to a data store on the other side
of the trust boundary.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
15. Web Server May be Subject to Elevation of Privilege Using Remote Code
Execution [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: web en disco may be able to remotely execute code for Web
Server.
Justification: <no mitigation provided>
Dread-damage: Low
Dread-Reproducibility: Low
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
16. Elevation by Changing the Execution Flow in Web Server [State: Not
Started] [Priority: High]
Category: Elevation Of Privilege
Description: An attacker may pass data into Web Server in order to change the
flow of program execution within Web Server to the attacker's
choosing.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
Interaction: HTTPS
17. Potential Data Repudiation by Web Server [State: Not Started] [Priority:
High]
Category: Repudiation
Description: Web Server claims that it did not receive data from a source outside
the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
18. Spoofing the Browser Client Process [State: Not Started] [Priority: High]
Category: Spoofing
Description: Browser Client may be spoofed by an attacker and this may lead to
unauthorized access to Web Server. Consider using a standard
authentication mechanism to identify the source process.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Low
Dread-Exploitability: Low
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
19. Cross Site Scripting [State: Not Started] [Priority: High]
Category: Tampering
Description: The web server 'Web Server' could be a subject to a cross-site
scripting attack because it does not sanitize untrusted input.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
20. Elevation Using Impersonation [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Web Server may be able to impersonate the context of Browser
Client in order to gain additional privilege.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
21. Elevation by Changing the Execution Flow in Web Server [State: Not
Started] [Priority: High]
Category: Elevation Of Privilege
Description: An attacker may pass data into Web Server in order to change the
flow of program execution within Web Server to the attacker's
choosing.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
22. Web Server May be Subject to Elevation of Privilege Using Remote Code
Execution [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Browser Client may be able to remotely execute code for Web
Server.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Low
Dread-Exploitability: Low
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
23. Data Flow HTTPS Is Potentially Interrupted [State: Not Started] [Priority:
High]
Category: Denial Of Service
Description: An external agent interrupts data flowing across a trust boundary in
either direction.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
24. Potential Process Crash or Stop for Web Server [State: Not Started] [Priority:
High]
Category: Denial Of Service
Description: Web Server crashes, halts, stops or runs slowly; in all cases
violating an availability metric.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
25. Cross Site Request Forgery [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Cross-site request forgery (CSRF or XSRF) is a type of attack in which
an attacker forces a user's browser to make a forged request to a
vulnerable site by exploiting an existing trust relationship between the
browser and the vulnerable web site. In a simple scenario, a user is
logged in to web site A using a cookie as a credential. The other
browses to web site B. Web site B returns a page with a hidden form
that posts to web site A. Since the browser will carry the user's cookie
to web site A, web site B now can take any action on web site A, for
example, adding an admin to an account. The attack can be used to
exploit any requests that the browser automatically authenticates, e.g.
by session cookie, integrated authentication, IP whitelisting, … The
attack can be carried out in many ways such as by luring the victim to a
site under control of the attacker, getting the user to click a link in a
phishing email, or hacking a reputable web site that the victim will visit.
The issue can only be resolved on the server side by requiring that all
authenticated state-changing requests include an additional piece of
secret payload (canary or CSRF token) which is known only to the
legitimate web site and the browser and which is protected in transit
through SSL/TLS. See the Forgery Protection property on the flow
stencil for a list of mitigations.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
Interaction: HTTPS
26. Web Server Process Memory Tampered [State: Not Started] [Priority: High]
Category: Tampering
Description: If Web Server is given access to memory, such as shared memory or
pointers, or is given the ability to control what Browser Client executes
(for example, passing back a function pointer.), then Web Server can
tamper with Browser Client. Consider if the function could work with less
access to memory, such as passing data rather than pointers. Copy in
data provided, and then validate it.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
27. Elevation Using Impersonation [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Browser Client may be able to impersonate the context of Web
Server in order to gain additional privilege.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Low
Dread-Exploitability: Low
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
28. Spoofing the Web Server Process [State: Not Started] [Priority: High]
Category: Spoofing
Description: Web Server may be spoofed by an attacker and this may lead to
unauthorized access to Browser Client. Consider using a standard
authentication mechanism to identify the source process.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
29. Potential Data Repudiation by Browser Client [State: Not Started] [Priority:
High]
Category: Repudiation
Description: Browser Client claims that it did not receive data from a source outside
the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: <no mitigation provided>
Dread-damage: Low
Dread-Reproducibility: Low
Dread-Exploitability: Low
Dread-Affected users: Low
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
30. Potential Process Crash or Stop for Browser Client [State: Not
Started] [Priority: High]
Category: Denial Of Service
Description: Browser Client crashes, halts, stops or runs slowly; in all cases
violating an availability metric.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Low
Dread-Exploitability: Low
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
31. Data Flow HTTPS Is Potentially Interrupted [State: Not Started] [Priority:
High]
Category: Denial Of Service
Description: An external agent interrupts data flowing across a trust boundary in
either direction.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
32. Browser Client May be Subject to Elevation of Privilege Using Remote Code
Execution [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Web Server may be able to remotely execute code for Browser
Client.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
33. Elevation by Changing the Execution Flow in Browser Client [State: Not
Started] [Priority: High]
Category: Elevation Of Privilege
Description: An attacker may pass data into Browser Client in order to change the
flow of program execution within Browser Client to the attacker's
choosing.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
Interaction: IPsec
34. Spoofing of Destination Data Store SQL Database [State: Not
Started] [Priority: High]
Category: Spoofing
Description: SQL Database may be spoofed by an attacker and this may lead to
data being written to the attacker's target instead of SQL Database.
Consider using a standard authentication mechanism to identify the
destination data store.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
35. Potential SQL Injection Vulnerability for SQL Database [State: Not
Started] [Priority: High]
Category: Tampering
Description: SQL injection is an attack in which malicious code is inserted into strings
that are later passed to an instance of SQL Server for parsing and
execution. Any procedure that constructs SQL statements should be
reviewed for injection vulnerabilities because SQL Server will execute
all syntactically valid queries that it receives. Even parameterized data
can be manipulated by a skilled and determined attacker.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
36. Potential Excessive Resource Consumption for Server SQL or SQL
Database [State: Not Started] [Priority: High]
Category: Denial Of Service
Description: Does Server SQL or SQL Database take explicit steps to control
resource consumption? Resource consumption attacks can be hard to
deal with, and there are times that it makes sense to let the OS do the
job. Be careful that your resource requests don't deadlock, and that they
do timeout.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
Interaction: Procesos
37. Spoofing the Human User External Entity [State: Not Started] [Priority: High]
Category: Spoofing
Description: Human User may be spoofed by an attacker and this may lead to
unauthorized access to Browser Client. Consider using a standard
authentication mechanism to identify the external entity.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
38. Elevation Using Impersonation [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Browser Client may be able to impersonate the context of Human
User in order to gain additional privilege.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Low
Dread-Exploitability: Low
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1:
Safeguard 2:
Safeguard 3:
Interaction: Respuesta
39. Spoofing of Source Data Store SQL Database [State: Not Started] [Priority:
High]
Category: Spoofing
Description: SQL Database may be spoofed by an attacker and this may lead to
incorrect data delivered to Server SQL. Consider using a standard
authentication mechanism to identify the source data store.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
40. Weak Access Control for a Resource [State: Not Started] [Priority: High]
Category: Information Disclosure
Description: Improper data protection of SQL Database can allow an attacker to
read information not intended for disclosure. Review authorization
settings.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: High
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
Interaction: Respuesta
Safeguard 1:
Safeguard 2:
Safeguard 3:
42. Elevation Using Impersonation [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Web Server may be able to impersonate the context of Server SQL
in order to gain additional privilege.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
43. Potential Data Repudiation by Web Server [State: Not Started] [Priority:
High]
Category: Repudiation
Description: Web Server claims that it did not receive data from a source outside
the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
44. Potential Process Crash or Stop for Web Server [State: Not Started] [Priority:
High]
Category: Denial Of Service
Description: Web Server crashes, halts, stops or runs slowly; in all cases
violating an availability metric.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
45. Data Flow IPsec Is Potentially Interrupted [State: Not Started] [Priority: High]
Category: Denial Of Service
Description: An external agent interrupts data flowing across a trust boundary in
either direction.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
46. Web Server May be Subject to Elevation of Privilege Using Remote Code
Execution [State: Not Started] [Priority: High]
Category: Elevation Of Privilege
Description: Server SQL may be able to remotely execute code for Web
Server.
Justification: <no mitigation provided>
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1:
Safeguard 2:
Safeguard 3:
6 47. Elevation by Changing the Execution Flow in Web Server [State: Not
Started] [Priority: High]
Category: Elevation Of Privilege
Description: An attacker may pass data into Web Server in order to change the
flow of program execution within Web Server to the attacker's
choosing.
Justification: <no mitigation provided>
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1:
Safeguard 2:
Safeguard 3:
Conclusion
Using the Threat Analysis and Modeling Tool 2016, the diagram under study is built, noting
the threat that occurs most often and the information asset that presents the most threats,
together with the report generated by the tool.
Bibliographic References
Hablemos de Spoofing, August 26, 2010 / Carlos Garcia ciyi, online, retrieved from:
https://hacking-etico.com/2010/08/26/hablemos-de-spoofing/