secure-software-engineering/Exercise/Writeup/lab03.md
2022-06-07 10:53:48 +02:00

Lab 3

STRIDE examples

| DFD-Element | Concern | Example | Likelihood | Impact |
|---|---|---|---|---|
| User | Spoofing | Send a chat message in the name of another user | Possible | Moderate |
| User | Spoofing | Stolen credentials might be used to login | Unlikely | Severe |
| User Login | Tampering | Modify HTTP login header | Very Likely | Severe |
| Login | Denial of Service | Flood server with login requests | Unlikely | Minor |
| Login | Spoofing | Domain spoofing to impersonate server | Very Unlikely | Severe |
| Login | Tampering | Tamper the credentials of the user | Unlikely | Significant |
| Database | Information Disclosure | SQL Injection | Likely | Severe |

Notes:

  • At this point in the modeling, we have to assume that there are no security features.
  • The risk of modified HTTP headers thus leads to a risk treatment: we require secure connections.