Threat pattern libraries

Track: Threat Model
When: Wed PM-2
Where: Larch
Organizers: Steven Wierckx, Steven van der Baan
Participants: Tash Norris
Remote Participants: Jonathan Marcil

This session is the start of a threat modeling sub-project, led by Steven and Steven, that will create a database of attacks and mitigations categorised in some kind of pattern.

## Outcomes

This is the data format in which we are going to record the data:

Threat file

1 ID (generated)

2 Description

    (optional multiple)
    As an attacker
    I want to ... <cause an impact>
    By ... <how does an attacker do this?>
    Or by ... <how does an attacker do this?>

3 References List

4 See also Mapping List of … List of …

5 Tags List (limited list of tags)

6 Origin Project & Project ID

Mitigation file

1 ID (generated)

2 Description

    (optional multiple, cover the mapping of threats)
    As a defender
    I want to Prevent <threat?>
    By ... <how does a defender do this?>
    Or by ... <how does a defender do this?>

3 References List

4 See also Mapping List of … List of …

5 Tags List (limited list of tags)

6 Origin Project & Project ID

Mappings

  • Threat -> mitigation (residual risk)
  • Mitigation -> threat (is in the mitigation file under description)
  • Threat -> Threat
  • Mitigation -> mitigation
  • Mitigation -> threat (a mitigation can cause a new threat to appear) -> causes chains of mitigations to be implemented
  • Threat -> external reference (CAPEC, CVE, CWE)
  • Mitigation -> external reference?
  • Threat -> examples
  • Mitigation -> examples
  • Threat -> symptoms
  • Threat -> threat -> kill chain
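An added example, not part of the session notes or any project's code: the two record types and the threat/mitigation mappings modeled in Python, with a check for tags and dangling IDs and a walk of the chain that appears when a mitigation causes a new threat. Class, field and function names, the tag list and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
ALLOWED_TAGS = {"web", "injection", "availability"}  # constructed "limited list of tags"

@dataclass
class Record:                       # fields shared by the threat and mitigation files
    id: str
    description: list               # "I want to ...", "By ...", "Or by ..."
    references: list = field(default_factory=list)
    tags: list = field(default_factory=list)
    origin: str = ""                # project & project ID

@dataclass
class Threat(Record):
    mitigated_by: list = field(default_factory=list)   # Threat -> mitigation IDs

@dataclass
class Mitigation(Record):
    causes: list = field(default_factory=list)         # Mitigation -> new threat IDs

def validate(threats, mitigations):
    """Return problems: tags outside the limited list, mappings to unknown IDs."""
    problems = []
    for rec in [*threats.values(), *mitigations.values()]:
        problems += [f"{rec.id}: tag {t!r} not allowed" for t in rec.tags if t not in ALLOWED_TAGS]
        is_threat = isinstance(rec, Threat)
        targets, pool = (rec.mitigated_by, mitigations) if is_threat else (rec.causes, threats)
        problems += [f"{rec.id}: unknown ID {x!r}" for x in targets if x not in pool]
    return problems

def mitigation_chain(start, threats, mitigations):
    """Follow Threat -> mitigation -> threat it causes -> ... in breadth-first order."""
    order, queue = [], [start]
    while queue:
        cur = queue.pop(0)
        if cur not in order:        # skip visited IDs: guards against mapping cycles
            order.append(cur)
            if cur in threats:
                queue += threats[cur].mitigated_by
            elif cur in mitigations:
                queue += mitigations[cur].causes
    return order

# Constructed sample records; IDs, tags and wording are illustrative only.
T1 = Threat("T-1", ["I want to run script in a victim's browser", "By posting HTML in a comment"],
            tags=["web", "injection"], mitigated_by=["M-1"])
M1 = Mitigation("M-1", ["I want to prevent T-1", "By sanitizing HTML"], tags=["web"], causes=["T-2"])
T2 = Threat("T-2", ["I want to exhaust server CPU", "By sending deeply nested markup"],
            tags=["availability"], mitigated_by=["M-2"])
M2 = Mitigation("M-2", ["I want to prevent T-2", "By capping input size"], tags=["availability"])
THREATS, MITIGATIONS = {t.id: t for t in (T1, T2)}, {m.id: m for m in (M1, M2)}
```

Calling `mitigation_chain("T-1", THREATS, MITIGATIONS)` lists every record that has to be reviewed together once the first mitigation is adopted.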

Action points

  • check pytm to use a better/more efficient format

Additional references that might prove interesting:

  • https://www.owasp.org/index.php/OWASP_Proactive_Controls
  • Technical mitigation: https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project
  • https://cwe.mitre.org/top25/mitigations.html
