Before you jump in and spend time and resources testing, it's a good idea to finish developing your threat model so that you have a clear, organized approach to testing. The next key part of developing a threat model is to make an actual list of the threats associated with the functionality being modeled. The list of entry points is a good starting point: for each entry point, think about all of the data that enters the functionality, how it is used, and how it might be used maliciously to cause undesirable results. Because testers break software as part of their job, with practice they often come up with some of the better threats against an application.
Although we could fill several pages with threats against the e-mail Web page functionality mentioned earlier, we mention only a few here:
Spam. A malicious user inserts an advertisement in the message body (the area intended for the user to enter a brief message for the recipient), so that the feature relays it to the recipient; this lets the malicious user spam arbitrary e-mail addresses through your server.
Mail bomb. A malicious user makes many requests to send e-mail to the same address in the hope of flooding the recipient's mailbox.
Sender repudiation. The recipient of the e-mail message is unable to determine who requested that the message be sent.
Information disclosure through e-mail. The e-mail sent to the recipient contains information about the internal network hosting the feature.
Information disclosure through HTTP response. The HTTP response contains information about the internal network hosting the feature.
Denial of service through malformed requests. A malformed HTTP request crashes the server.
Arbitrary code execution through malformed requests. A malformed HTTP request allows arbitrary code execution, for example through a buffer overflow, an integer overflow, or a format string vulnerability.
Important: List all threats, regardless of whether they have been mitigated, so that you can later generate test cases where necessary. A threat that is already mitigated still needs a test case that confirms the mitigation actually works. If you don't document all threats, they will get lost and you won't have test cases for them.