Project

Project name:
Project description:

Principles to reuse

- Address Privacy & Security
- Assume that external systems are insecure
- Authenticate users and processes to ensure appropriate access control decisions both within and across domains
- Authorize after you authenticate
- Avoid security by obscurity
- Check the return value of all non-void functions, and check the validity of all function parameters
- Compartmentalise
- Complete mediation
- Computer Security is Constrained by Societal Factors
- Computer Security Requires a Comprehensive and Integrated Approach
- Computer Security Responsibilities and Accountability Should Be Made Explicit
- Computer Security Should Be Cost-Effective
- Computer Security Should Be Periodically Reassessed
- Computer Security Supports the Mission of the Organization
- Data is always protected
- Defense in depth
- Design and implement audit mechanisms
- Design and operate an IT system to limit damage and to be resilient in response.
- Design for secure updates
- Design for security properties changing over time
- Design security to allow for regular adoption of new technology
- Develop and exercise contingency or disaster recovery procedures to ensure appropriate availability
- Do not implement unnecessary security mechanisms.
- Don't trust infrastructure
- Don't trust services (from others)
- Earn or give, but never assume or trust
- Ensure proper security in the shutdown or disposal of a system
- Establish a sound security policy as the "foundation" for design.
- Establish secure defaults
- External interface protection
- Fail-safe default settings for security and access
- Formulate security measures to address multiple overlapping information domains
- Identity and authentication
- Implement layered security (ensure no single point of vulnerability).
- Implement least privilege
- Isolate public access systems from mission critical resources
- Least privilege
- Minimize secrets
- Minimize the system elements to be trusted.
- Open design
- Protect information while being processed, in transit, and in storage.
- Provide assurance that the system is, and continues to be, resilient in the face of expected threats.
- Reduce risk to an acceptable level.
- Risk Based Approach to Security
- Secure use of the service by the consumer
- Security by Design
- Sensitive data must be identified
- Separation between consumers
- Separation of privilege
- Strive for operational ease of use.
- Supply chain security
- Systems Owners Have Security Responsibilities Outside Their Own Organizations
- Treat security as an integral part of the overall system design.
- Use an authentication mechanism that cannot be bypassed
- Use only Secure Protocols
- Use standard solutions
- Use unique identities to ensure accountability
- Where possible, base security on open standards for portability and interoperability.

Requirements to reuse (network)

Each requirement is prioritised as Must, Should, Could or Won't.

- Session lifetime is limited
- Clock Identity Authentication and Authorization
- Data logging: sensitive data is not logged in clear text by the application.
- Database connections, passwords, keys, or other secrets are not stored in plain text.
- Encryption keys must be secured
- FIPS PUB 198-1: The Keyed-Hash Message Authentication Code (HMAC)
- Privileged Accounts must not be used for non-administrator activities
- Requirements for Evidence
- Secure Hash Standard (SHS), FIPS PUB 180-4
- Sensitive data is not stored in persistent cookies
- Sensitive data is transmitted with the HTTP POST method.
- SSL is used to protect authentication cookies
- The certificate must be an X.509v3 certificate
- The contents of authentication cookies are encrypted
- User ID must be unique and passwords must be stored in irreversible encrypted form

Attack vectors

Please select the security risks (attack vectors) that are most relevant for this case. Select the OWASP (2013) test/quality requirements relevant for your project:

- A1-Injection
- A2-Broken Authentication and Session Management
- A3-Cross-Site Scripting (XSS)
- A4-Insecure Direct Object References
- A5-Security Misconfiguration
- A6-Sensitive Data Exposure
- A7-Missing Function Level Access Control
- A8-Cross-Site Request Forgery (CSRF)
- A9-Using Components with Known Vulnerabilities
- A10-Unvalidated Redirects and Forwards

Relevant security personas:

- employee
- visitor (in person)
- internet visitor (web)
- administrator
- manager
- director/CEO
- angry customer
- competitor/rival
- neighbour

Relevant technical threats for this case:

- Analysis of vulnerabilities in compiled software without source code
- Anti-forensic techniques
- Automated probes and scans
- Automated widespread attacks
- Cyber-threats & bullying (not illegal in all jurisdictions)
- Cryptographic Performance Attacks
- DoS Attacks
- Email propagation of malicious code
- Executable code attacks (against browsers)
- Exploiting Vulnerabilities
- GUI intrusion tools
- Industrial espionage
- Internet social engineering attacks
- Network sniffers
- Packet Manipulation
- Packet spoofing
- Replay Attack
- Rogue Master Attack
- Session-hijacking
- Sophisticated botnet command and control attacks
- Spoofing
- Stealth and other advanced scanning techniques
- Targeting of specific users
- Widespread attacks on DNS infrastructure
- Widespread attacks using NNTP to distribute attack
- Wide-scale trojan distribution
- Wide-scale use of worms
- Widespread, distributed denial-of-service attacks
- Windows-based remote access trojans (Back Orifice)