Thursday, October 27, 2011 13:32
I have an API I am looking to perform threat modeling against. The API has a bunch of different task-based methods that largely fall into two overall scenarios:
Reads: Caller <===> API <===> Database
Modifications: Caller ===> API ===> Database
Should I model each API method separately as the input and output vary slightly (though not in a way that I see affects security) or is it sufficient to model the bidirectional operations and one-way operations?
All replies
Wednesday, November 2, 2011 16:33 Owner
Sounds like you should be taking a closer look at the modifications scenario to make sure callers do not change database state in unexpected ways. Modeling the scenarios separately will result in more threats being generated by the tool, and unless you see value in going through an extra set of threats for the additional dataflow, you can avoid drawing the second data flow.
Friday, November 4, 2011 20:20
If the API has all methods dealing with the same sensitive data level, I would not employ a detailed analysis. However, if some methods deal with public data and others with sensitive data such as PII (personally identifiable information), it's reasonable to analyze them separately, since their risks are very different.
Fabricio Braz (PhD)
- Proposed as answer by SDL Team Moderator Wednesday, November 16, 2011 21:10