Data Flow Diagram Guidance
-
October 27, 2011 13:32
I have an API I am looking to perform threat modeling against. The API has a bunch of different task-based methods that largely fall into two overall scenarios:
Reads: Caller <===> API <===> Database
Modifications: Caller ===> API ===> Database
Should I model each API method separately, as the input and output vary slightly (though not in a way that I see affects security), or is it sufficient to model the bidirectional operations and one-way operations?
All replies
-
November 2, 2011 16:33 Owner
Sounds like you should be taking a closer look at the modifications scenario to make sure callers do not change database state in unexpected ways. Modeling the scenarios separately will result in more threats being generated by the tool, and unless you see value in going through an extra set of threats for the additional dataflow, you can avoid drawing the second data flow.
Ashish Popli
- Proposed as answer by SDL Team (Moderator), November 2, 2011 22:05
- Marked as answer by SDL Team (Moderator), November 16, 2011 21:10
-
November 4, 2011 20:20
Hi,
If the API has all methods dealing with the same sensitive data level, I would not employ a detailed analysis. However, if some methods deal with public data and others with sensitive data such as PII (personally identifiable information), it's reasonable to analyze them separately, since their risks are very different.
Fabricio Braz (PhD)
- Proposed as answer by SDL Team (Moderator), November 16, 2011 21:10