Data Flow Diagram Guidance

  • Question

  • I have an API I am looking to perform threat modeling against. The API has a bunch of different task-based methods that largely fall into two overall scenarios:

    Reads: Caller <===> API <===> Database

    Modifications: Caller ===> API ===> Database


    Should I model each API method separately as the input and output vary slightly (though not in a way that I see affects security) or is it sufficient to model the bidirectional operations and one-way operations?


    Thursday, October 27, 2011 1:32 PM

Answers

  • Sounds like you should be taking a closer look at the modifications scenario to make sure callers do not change database state in unexpected ways. Modeling the scenarios separately will result in more threats being generated by the tool and unless you see value in going through an extra set of threats for the additional dataflow, you can avoid drawing the second data flow.


    Ashish Popli
    Wednesday, November 2, 2011 4:33 PM

All replies

  • Hi,

    If the API has all methods dealing with the same sensitive data level, I would not employ a detailed analysis. However, if some methods deal with public data and others with sensitive data such as PII (Personally identifiable information), it’s reasonable to analyze them separately, since their risks are very different.


    Fabricio Braz (PhD)
    Friday, November 4, 2011 8:20 PM
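The two answers above make a concrete, checkable claim: drawing the reads and modifications as separate data flows produces more generated threats, but it also lets the modification path (or, per the second answer, the PII-carrying path) be singled out for the extra scrutiny. The following is an added example, not code from the thread or from the SDL tool; it walks a STRIDE-per-element table over the two DFD options from the question (Caller, API, Database, plus flows) and compares the results. The element names and the "read"/"modify" labels are assumptions for illustration.

```python
"""Added example (not from the thread): STRIDE-per-element over the two DFD
options from the question, to show what splitting the flows changes."""
from dataclasses import dataclass

# STRIDE-per-element applicability as used in the Microsoft SDL approach:
# S=Spoofing T=Tampering R=Repudiation I=Information disclosure
# D=Denial of service E=Elevation of privilege
# (R is listed for data stores because they may hold audit data.)
STRIDE_BY_TYPE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass
class Element:
    name: str
    kind: str          # external | process | store | flow
    label: str = ""    # assumed tag kept on each threat for triage (e.g. modify, PII)

def stride_threats(elements):
    """One (element name, STRIDE letter, label) tuple per applicable category."""
    return [(e.name, letter, e.label) for e in elements for letter in STRIDE_BY_TYPE[e.kind]]

CALLER, API, DB = Element("Caller", "external"), Element("API", "process"), Element("Database", "store")

def combined_model():
    # One bidirectional flow per hop; reads and modifications drawn as the same flow.
    return [CALLER, API, DB, Element("Caller<=>API", "flow"), Element("API<=>Database", "flow")]

def split_model():
    # Reads (bidirectional) and modifications (one-way) drawn as separate flows,
    # with the modification path labelled so its threats can be picked out.
    flows = [
        Element("Caller<=>API read", "flow", "read"),
        Element("API<=>Database read", "flow", "read"),
        Element("Caller=>API modify", "flow", "modify"),
        Element("API=>Database modify", "flow", "modify"),
    ]
    return [CALLER, API, DB] + flows

def threat_count(model):
    return len(stride_threats(model))

def modification_tampering_threats(model):
    """Tampering threats on the modify path: the 'callers changing database
    state in unexpected ways' concern from the accepted answer."""
    return [t for t in stride_threats(model) if t[1] == "T" and t[2] == "modify"]

if __name__ == "__main__":
    print("combined:", threat_count(combined_model()))   # 18
    print("split:", threat_count(split_model()))         # 24
    print(modification_tampering_threats(split_model()))
```

The combined model yields 18 threats and the split model 24: the extra six are the three flow categories on each added flow, and only in the split model can the tampering threats on the modify flows be filtered out as their own review set.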