Questions tagged [threat-modeling]

The process of describing possible threats and analyzing their possible effect on target systems.

Threat modeling is an organised way to identify threats (potential risks) in an application and its environment. A mature threat model also helps in the process of risk assessment by assisting in informed decision making and impact assessment.

The in-scope topics for this tag include threat modeling tools, severity and impact assessment, architecture review, data flow diagrams, etc.

132 questions
141 votes, 12 answers

Is public Wi-Fi a threat nowadays?

In my opinion, arguments we have been using for years to say that public Wi-Fi access points are insecure are no longer valid, and so are the recommended remedies (e.g. use VPN). Nowadays, most sites use HTTPS and set HSTS headers, so the odds that…
The Illusive Man
127 votes, 8 answers

Why is storing passwords in version control a bad idea?

My friend just asked me: "why is it actually that bad to put various passwords directly in program's source code, when we only store it in our private Git server?" I gave him an answer that highlighted a couple of points, but felt it wasn't…
62 votes, 4 answers

What is a threat model, and how do I make one?

I asked a question on what I need to do to make my application secure, when somebody told me: That depends on your threat model. What is a threat model? How do I make a threat model for my application?
user163495
59 votes, 1 answer

What's the Impact of the CloudFlare Reverse Proxy Bug? ("#CloudBleed")

In Project Zero #1139, it was disclosed that CloudFlare had a bug which disclosed uninitialized memory, leaking private data sent through them via SSL. What's the real impact?
50 votes, 5 answers

Should the average user with no special access rights be worried about SMS-based 2FA being theoretically interceptable?

Security experts are constantly discouraging users from using SMS-based 2FA systems, usually because of worries the auth code could be intercepted by an attacker, either through a SIM swap or a MitM attack. The problem I see with this statement is…
Nzall
41 votes, 4 answers

Evaluating the security of home security cameras

My parents have a vacation home out in the country and are looking to set up a home surveillance system for remote viewing. I've heard that there can be serious vulnerabilities in these products. What are some guidelines I could use to help evaluate…
mercurial
29 votes, 7 answers

When do honest people need privacy or anonymity? (e.g. they have nothing to hide)

I'm having a discussion with someone who thinks they don't need technical measures of privacy or anonymity. Common arguments against needing to care about privacy or anonymity include: Everything about them can be Googled or searched from public…
makerofthings7
28 votes, 3 answers

Help me find a lightweight threat modeling framework

We're a small company and we do not have resources that we can dedicate to heavyweight threat modeling. However, if we could find a threat modeling framework that was pretty lightweight I think there is value in documenting the data flows and…
Jason
20 votes, 7 answers

Could you anonymously upload a file on the internet if the threat model was the entire world trying to find your identity after you do so?

Thought experiment: You need to upload a file, and the threat model is the entire world trying to find out who you are after you do so. I know this is absurd, but bear with me, it's a thought experiment, where the scenario is the following: You are…
Tom
16 votes, 5 answers

Where does the root of trust actually lie?

We are told that the roots of trust in the PKI are the handful of Certificate Authorities that issue root certificates and sign other certificates and ensure at least some extent of trust to be maintained on the internet. These root certificates…
16 votes, 2 answers

What is the threat model for AWS EBS volumes encryption?

AWS provides the ability to encrypt EBS volumes, the value of which I am wondering about. In the "Overview of Security Processes (October 2016)" whitepaper, page 24, they say: Encryption of sensitive data is generally a good security practice, …
Greendrake
16 votes, 6 answers

Mitigating forensic memory acquisition when an attacker has physical access to a workstation

My question regards whether or not the mitigations I use are appropriate for my threat model. Please don't jump to conclusions and say "you need to use locks" or "you can't leave your computer unattended" without first reading at least my threat…
forest
15 votes, 2 answers

How easy/difficult is it to spoof DNS? Are some scenarios safer/more risky than others?

Practically speaking, how easy difficult is it to spoof DNS? What scenarios are more risky than others? For example: A phishing email or twitter link that attracts users to click a hyperlink A link on an internal sharepoint site on a different…
makerofthings7
11 votes, 3 answers

What use does a BIOS/EFI password have?

I have become quite a password-obsessed individual. I password-protect my HDDs, my files, and now even the BIOS/EFI on the various systems I own. But I have discovered that if you forget your BIOS password, it is easy (enough) to simply reset…
connor
9 votes, 5 answers

Can I improve website security by storing SSL Keys in DNS? Is DNSSec required? Are threat models available?

In light of recent attacks on SSL/TLS communication, people have been asking about ways to improve the security of SSL webserver communication. Several great solutions have been mentioned in the following links (example 1, 2, 3 and blog…
makerofthings7