PASTA Threat Modeling for a Sneaker App

OWASP Top 10, PASTA Framework, Threat Modeling, App Security Assessment, Risk Mitigation, Threat Analysis, Vulnerability Analysis


Scenario

I am part of the growing security team at a company for sneaker enthusiasts and collectors. The business is preparing to launch a mobile app that makes it easy for its customers to buy and sell shoes. I am performing a threat model of the application using the PASTA framework.

Objectives

Work through each of the seven stages of the PASTA framework to identify security requirements for the new sneaker company app.

Results

Threat Model

Stage 1 - Define business and security objectives
User data is collected and stored through the app, so users need confidence that their data is protected and kept private. Interaction between buyers and sellers should be easy, with as little friction as possible. Because the app handles payments, compliance with PCI DSS is critical to avoid legal and financial exposure.

Stage 2 - Define the technical scope
Technologies used by the app:
  • API - the app is built by combining several third-party software components, each reached over an API
  • PKI - digital certificates issued by a CA authenticate the app's endpoints; AES encrypts sensitive user data and RSA is used for key exchange
  • SHA256 - used to hash user passwords. Note that a bare, unsalted SHA-256 hash can be brute-forced quickly on commodity hardware, so the password-storage requirement should be a salted, deliberately slow password hash (PBKDF2, bcrypt, scrypt or Argon2) rather than plain SHA-256
  • SQL - used to query sneaker inventory and seller information from a database
I prioritize SQL over the other technologies because SQL injection is a common method threat actors use to compromise databases and exfiltrate sensitive data. This prioritization coincides with the company's concern for data privacy.

Stage 3 - Decompose application
Data flow diagram [1]

Stage 4 - Threat analysis
Threats can include:
  • Malware installed in the app's build by an internal threat actor on the development team
  • A DDoS attack against the database or the API in front of it
  • Injection attacks through the API
  • Theft of password hashes through a successful SQL injection attack, followed by offline cracking of the hashes, or by replaying them (pass-the-hash) wherever the app accepts a hash in place of the password

Stage 5 - Vulnerability analysis
Vulnerabilities can include:
  • Lack of prepared statements and input validation to prevent injection attacks
  • Obtaining digital certificates from untrustworthy CAs and not using a hierarchical trust model to establish a properly validated trust chain
  • Lack of MFA to prevent unauthorized account access after a password hash has been stolen or cracked
  • Lack of code signing to detect code tampering and prevent malware installation

Stage 6 - Attack modeling
Attack tree [1]

Stage 7 - Risk analysis and impact
Security controls that can reduce risk:
  • Prepared statements (parameterized queries) and input validation to prevent injection attacks
  • NGFW and IDS/IPS, together with rate limiting, to help mitigate the impact of DDoS attacks
  • MFA to improve access controls
  • Code signing to detect tampering with the app's source code and build artifacts by internal or external threats

[1] For the sake of brevity, the data flow diagram and attack tree have been truncated. In real-world scenarios, these diagrams are much more detailed and complex.
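The two controls that recur across stages 2, 4, 5 and 7 (prepared statements against SQL injection, and how password hashes are stored) are easier to reason about with a concrete run. What follows is an added example written for this page, not code from the sneaker company's app or from the PASTA framework. It builds a constructed in-memory SQLite database of sneaker listings and sellers, shows a UNION-based SQL injection pulling seller password hashes out through a string-concatenated search query, shows the same payload failing against a parameterized query, cracks the leaked bare SHA-256 hashes with a small wordlist, and then stores the same passwords with salted PBKDF2-HMAC-SHA256 instead. The table and column names, the sample sellers, passwords, listings and wordlist are all hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data (hypothetical sellers, passwords and listings).
SELLERS = [("ava", "password123"), ("ben", "jordan1985"), ("cy", "Xq7!vR2p#Lm9")]
INVENTORY = [
    ("Air Jordan 1 Chicago", "ava", 450),
    ("Yeezy 350 Zebra", "ben", 300),
    ("Dunk Low Panda", "cy", 120),
]
# The attacker's wordlist for the offline cracking step (constructed).
WORDLIST = ["123456", "password", "password123", "jordan1985", "sneakerhead"]


def sha256_hex(password: str) -> str:
    """Bare, unsalted SHA-256 of the password: the scheme stage 2 describes."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """In-memory SQLite database standing in for the app's inventory and seller store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sellers (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.execute("CREATE TABLE inventory (model TEXT, seller TEXT, price INTEGER)")
    conn.executemany("INSERT INTO sellers VALUES (?, ?)",
                     [(name, sha256_hex(pw)) for name, pw in SELLERS])
    conn.executemany("INSERT INTO inventory VALUES (?, ?, ?)", INVENTORY)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Inventory search that splices the user's term into the SQL text (the stage 5 vulnerability)."""
    sql = "SELECT model, seller, price FROM inventory WHERE model LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn: sqlite3.Connection, term: str) -> list:
    """Same search as a prepared statement: the term is bound as data and never parsed as SQL."""
    sql = "SELECT model, seller, price FROM inventory WHERE model LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# UNION payload: three columns to match the search query's SELECT list, a constant 0 in the
# price position so the injected rows are recognisable, and '--' to comment out the trailing
# quote and wildcard that the vulnerable query appends after the term.
PAYLOAD = "' UNION SELECT name, pw_hash, 0 FROM sellers --"


def leaked_hashes(rows: list) -> list:
    """Pick the injected seller rows (price column == 0) out of a result set as (name, pw_hash)."""
    return [(row[0], row[1]) for row in rows if row[2] == 0]


def crack_sha256(leaked: list) -> dict:
    """Offline dictionary attack: with no salt, one hash per guess covers every user at once."""
    lookup = {sha256_hex(word): word for word in WORDLIST}
    return {name: lookup[h] for name, h in leaked if h in lookup}


# Hardened storage: a per-user random salt plus a deliberately slow KDF, so a leaked table
# cannot be attacked with one shared lookup and every guess costs the attacker real work.
PBKDF2_ITERATIONS = 600_000  # OWASP's recommended minimum for PBKDF2-HMAC-SHA256


def hash_password(password: str) -> str:
    """Return 'salt_hex$derived_key_hex' for storage in the sellers table."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    conn = build_db()
    print("normal search:", search_parameterized(conn, "Jordan"))
    rows = search_vulnerable(conn, PAYLOAD)
    leaked = leaked_hashes(rows)
    print("leaked through the concatenated query:", leaked)
    print("same payload against the prepared statement:", search_parameterized(conn, PAYLOAD))
    print("cracked from bare SHA-256:", crack_sha256(leaked))
    stored = hash_password("password123")
    print("salted PBKDF2 record:", stored)
    print("verify:", verify_password("password123", stored))
```

Running the script shows the injected query returning the three seller rows alongside the listings, two of the three bare SHA-256 hashes falling to a five-word dictionary, and the parameterized query returning nothing for the same payload because the whole string is treated as a LIKE pattern. Hashing the same password twice with hash_password yields two different records, which is the property that stops a single precomputed table from covering the whole seller base; the iteration count is what makes each guess expensive.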