
Dimension Build and Deployment

Sub-Dimension Build

Defined build process

Risk and Opportunity

Risk: Performing builds without a defined process is error prone, for example as a result of incorrect security-related configuration.
Opportunity: A well defined build process lowers the possibility of errors during the build process.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Low

Additional Information

Implementation hints: Jenkins, Docker
OWASP SAMM 2 Mapping: i-secure-build|A|1

Regular tests

Risk and Opportunity

Risk: After pushing source code to the version control system, any delay in receiving feedback on defects makes them harder for the developer to remediate.
Opportunity: On each push and/or at given intervals automatic security tests are performed.

Exploit details

Usefulness: Low
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

OWASP SAMM 2 Mapping: i-secure-build|A|3

Signing of artefacts

Risk and Opportunity

Risk: Unauthorized manipulation of artefacts might be difficult to spot. For example, this may result in images with malicious code in the Docker registry.
Opportunity: Digitally signing artefacts for all steps during the build, and especially Docker images, helps to ensure their integrity.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Dependencies: Defined build process
Implementation hints:
OWASP SAMM 1 Mapping: OA3-B
OWASP SAMM 2 Mapping: i-secure-build|A|1

Signing of code

Risk and Opportunity

Risk: Unauthorized manipulation of source code might be difficult to spot.
Opportunity: Digitally signing commits helps to prevent unauthorized manipulation of source code.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Dependencies: Defined build process
OWASP SAMM 1 Mapping: OA3-B
OWASP SAMM 2 Mapping: i-secure-build|A|2

Building and testing of artefacts in virtual environments

Risk and Opportunity

Risk: While building and testing artefacts, third-party systems, application frameworks and third-party libraries are used. These might be malicious as a result of vulnerable libraries or because they are altered during the delivery phase.
Opportunity: Each step within the build and testing phase is performed in a separate virtual environment, which is destroyed afterwards.

Exploit details

Usefulness: Low
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Implementation hints: Docker
OWASP SAMM 2 Mapping: TODO

Sub-Dimension Deployment

Defined deployment process

Risk and Opportunity

Risk: Deployments without a defined process are error prone, thus allowing old or untested artefacts to be deployed.
Opportunity: A defined deployment process significantly lowers the likelihood of errors during the deployment phase.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints: Jenkins, Docker
OWASP SAMM 2 Mapping: i-secure-deployment|A|1

Inventory of running artifacts

Risk and Opportunity

Risk: In case a vulnerability of severity high or critical exists, it needs to be known where the artifacts with that vulnerability are deployed, and with which dependencies.
Opportunity:

Exploit details

Usefulness: Medium
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined deployment process
Implementation hints: Kubernetes Admission Controller can whitelist registries and/or whitelist a signing key.
OWASP SAMM 2 Mapping: o-incident-management|TODO

Backup before deployment

Risk and Opportunity

Risk: If errors are experienced during the deployment process you want to deploy an old release. However, due to changes in the database this is often unfeasible.
Opportunity: Performing automated backups before deployment can help facilitate deployments whilst testing the backup restore processes.

Exploit details

Usefulness: High
Required knowledge: Very Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined deployment process
Implementation hints: A complete database backup might be performed*. For large and complex environments, a Point in Time Recovery for databases should be implemented.
OWASP SAMM 1 Mapping: OE2-A
OWASP SAMM 2 Mapping: TODO

Environment dependent configuration parameters

Risk and Opportunity

Risk: Attackers who compromise source code can see confidential access information like database credentials.
Opportunity: Configuration parameters are set for each environment, not in the source code.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

OWASP SAMM 1 Mapping: SA2-A
OWASP SAMM 2 Mapping: i-secure-deployment|B|2 TODO might be 1

Usage of trusted images

Risk and Opportunity

Risk: Developers or operations might start random images in the production cluster which have malicious code or known vulnerabilities.
Opportunity:

Exploit details

Usefulness: Medium
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Dependencies:
Implementation hints: Kubernetes Admission Controller can whitelist registries and/or whitelist a signing key.
OWASP SAMM 2 Mapping: i-secure-build|A|3
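The check an admission controller performs for this practice, as an added example (not code from the DSOMM project): every container image in a pod must come from an allowlisted registry and be pinned by digest rather than a mutable tag. The allowlist and the sample pod manifests are constructed for the example.

```python
"""Admission-style image check: registry allowlist plus digest pinning.

Mirrors the core logic of a validating admission webhook: reject any
container whose image is not from an allowed registry or not pinned by a
sha256 digest. Registries and manifests below are constructed examples.
"""
import re
from typing import Dict, List

# Assumed allowlist for this example; a real deployment reads it from config.
ALLOWED_REGISTRIES = ("registry.internal.example", "registry.internal.example:5000")

# Image reference grammar: [registry/]repo[:tag][@sha256:<64 hex>]
_DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def parse_registry(image: str) -> str:
    """Return the registry host of an image reference.

    Docker naming rules: the first path component is a registry only if it
    contains a '.' or ':' or equals 'localhost'; otherwise the implicit
    default registry (docker.io) applies, e.g. 'nginx:latest'.
    """
    first = image.split("/", 1)[0]
    if "/" in image and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def check_image(image: str) -> List[str]:
    """Return the violations for one image reference (empty list = allowed)."""
    problems = []
    registry = parse_registry(image)
    if registry not in ALLOWED_REGISTRIES:
        problems.append(f"{image}: registry '{registry}' is not allowlisted")
    if not _DIGEST_RE.search(image):
        problems.append(f"{image}: not pinned by sha256 digest (mutable tag)")
    return problems


def review_pod(pod: Dict) -> Dict:
    """Validate all containers and initContainers of a pod manifest dict.

    Returns an AdmissionReview-like verdict: {"allowed": bool, "reasons": [...]}.
    """
    spec = pod.get("spec", {})
    reasons: List[str] = []
    for field in ("initContainers", "containers"):
        for container in spec.get(field, []):
            reasons.extend(check_image(container.get("image", "")))
    return {"allowed": not reasons, "reasons": reasons}


# Constructed sample manifests.
DIGEST = "0123456789abcdef" * 4  # placeholder 64-hex digest, not a real image
GOOD_POD = {"spec": {"containers": [
    {"name": "web", "image": f"registry.internal.example/app/web@sha256:{DIGEST}"}]}}
BAD_POD = {"spec": {
    "initContainers": [{"name": "init", "image": "busybox:latest"}],
    "containers": [{"name": "web", "image": "registry.internal.example/app/web:1.2"}]}}

if __name__ == "__main__":
    for name, pod in (("good", GOOD_POD), ("bad", BAD_POD)):
        verdict = review_pod(pod)
        print(name, "allowed" if verdict["allowed"] else "denied", verdict["reasons"])
```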

Handover of confidential parameters

Risk and Opportunity

Risk: Attackers who compromise a system can see confidential access information like database credentials. Parameters are often used to set credentials, for example when starting containers or applications. These parameters can often be seen by anyone listing the running processes on the target system.
Opportunity: By using encryption, it is harder to read credentials, e.g. from the file system. Also, the usage of a credential management system can help protect credentials.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Environment dependent configuration parameters
OWASP SAMM 1 Mapping: SA2-A
OWASP SAMM 2 Mapping: i-secure-deployment|B|2 TODO might be 1

Rolling update on deployment

Risk and Opportunity

Risk: While a deployment is performed, the application cannot be reached.
Opportunity: A deployment without downtime is performed*.

Exploit details

Usefulness: Low
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Dependencies: Defined deployment process
Implementation hints: Docker, Webserver, rolling update
OWASP SAMM 2 Mapping: TODO

Same artefact for environments

Risk and Opportunity

Risk: Building of an artefact for different environments means that an untested artefact might reach the production environment.
Opportunity: Building an artefact once and deploying it to different environments means that only tested artefacts are allowed to reach the production environment.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints: Docker
OWASP SAMM 1 Mapping: OE2-A
OWASP SAMM 2 Mapping: TODO

Usage of feature toggles

Risk and Opportunity

Risk: By using environment dependent configuration, some parameters will not be tested correctly, e.g.
if (host == 'production') {} else {}
Opportunity: Usage of environment independent configuration parameters, called feature toggles, helps to enhance the test coverage.
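The two patterns side by side, as an added example (not code from the DSOMM project): a function that branches on the host name, whose production branch cannot be exercised outside production, and the same behaviour selected by a toggle read as an explicit parameter, so a test can run both branches on any host. The toggle naming scheme (FEATURE_<NAME>) and the mail example are assumptions.

```python
"""Environment branch vs. feature toggle.

The risk on the page: `if (host == 'production') {} else {}` hides one branch
from every test run outside production. A toggle is an environment-independent
parameter, so both branches can be tested anywhere. Names are constructed.
"""
import socket
from typing import Mapping, Optional


# --- the pattern to avoid: behaviour keyed on the environment name ----------
def send_notification_env_branch(user_email: str, hostname: Optional[str] = None) -> str:
    """Branches on the host name; the production branch never runs in CI."""
    host = hostname or socket.gethostname()
    if host == "production":
        return f"SMTP: mail sent to {user_email}"  # untested until production
    return f"DRY-RUN: would mail {user_email}"


# --- feature toggle: an explicit, environment-independent parameter --------
class Toggles:
    """Toggle values come from a config mapping (e.g. os.environ) using
    FEATURE_<NAME>=true|false. An unset toggle falls back to its declared
    default, and an undeclared one to False, so a missing parameter fails closed.
    Malformed values raise instead of silently choosing a branch."""

    _TRUE = ("1", "true", "yes", "on")
    _FALSE = ("0", "false", "no", "off")

    def __init__(self, source: Mapping[str, str], defaults: Mapping[str, bool]):
        self._source = source
        self._defaults = dict(defaults)

    def enabled(self, name: str) -> bool:
        raw = self._source.get(f"FEATURE_{name.upper()}")
        if raw is None:
            return self._defaults.get(name, False)
        value = raw.strip().lower()
        if value in self._TRUE:
            return True
        if value in self._FALSE:
            return False
        raise ValueError(f"invalid value {raw!r} for toggle {name}")


def send_notification_toggled(user_email: str, toggles: Toggles) -> str:
    """Same behaviour, but selected by a toggle that a test can set either way."""
    if toggles.enabled("real_mail"):
        return f"SMTP: mail sent to {user_email}"
    return f"DRY-RUN: would mail {user_email}"


if __name__ == "__main__":
    # Both branches run on this very host, regardless of its name.
    for cfg in ({"FEATURE_REAL_MAIL": "true"}, {"FEATURE_REAL_MAIL": "false"}, {}):
        print(send_notification_toggled("user@example.test", Toggles(cfg, {})))
```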

Exploit details

Usefulness: Low
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Dependencies: Same artefact for environments
Implementation hints: Docker
OWASP SAMM 1 Mapping: EG1-B
OWASP SAMM 2 Mapping: TODO

Blue/Green Deployment

Risk and Opportunity

Risk: A new artefact version can have unknown defects.
Opportunity: By having multiple production environments, a deployment can be performed on the first environment to spot possible defects before it is deployed to the remaining production environment(s).

Exploit details

Usefulness: Low
Required knowledge: Very Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Smoke Test
Implementation hints: Blue/Green Deployments
OWASP SAMM 2 Mapping: TODO

Dimension Culture and Org.

Sub-Dimension Education and Guidance

Security consulting on request

Risk and Opportunity

Risk: Not asking a security expert when questions regarding security appear might lead to flaws.
Opportunity: Security consulting to teams is given on request. The security consultants can be internal or external.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: EG2-B

Each team has a security champion

Risk and Opportunity

Risk: No one feels directly responsible for security, and the security champion does not have enough time to allocate to each team.
Opportunity: Each team defines an individual to be responsible for security. These individuals are often referred to as 'security champions'.

Exploit details

Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints: https://www.owasp.org/index.php/Security_Champions_Playbook
OWASP SAMM 1 Mapping: EG2-B

Reward of good communication

Risk and Opportunity

Risk: Employees are not getting excited about security.
Opportunity: Good communication and transparency encourages cross-organisational support. Gamification of security is also known to help, examples include T-Shirts, giftcards and 'High-Fives'.

Exploit details

Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints: One example is the distribution of buttons as a reward, see OWASP Security Buttons Project.

Conduction of build-it, break-it, fix-it contests

Risk and Opportunity

Risk: Understanding security is hard, even for security champions, and security training often focuses on breaking a component instead of building a secure component.
Opportunity: The build-it, break-it, fix-it contest allows people in security-related roles, such as security champions, to train the build, break and fix parts of a secure application. This increases learning about building secure components.

Exploit details

Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Implementation hints: https://builditbreakit.org/

Conduction of collaborative security checks with developers and system administrators

Risk and Opportunity

Risk: Security checks by external companies do not increase the understanding of an application/system for internal employees.
Opportunity: Periodic security reviews of source code (SCA), in which security SMEs, developers and operations are involved, are effective at increasing the robustness of software and the security knowledge of the teams involved.

Exploit details

Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: IR1-B

Security Lessons Learned

Risk and Opportunity

Risk: After an incident, a similar incident might reoccur.
Opportunity: Running a 'lessons learned' session after an incident helps drive continuous improvement. Regular meetings with security champions are a good place to share and discuss lessons learned.

Exploit details

Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: IM-3, ST-3, SR2-B

Aligning security in teams

Risk and Opportunity

Risk: The concept of Security Champions might suggest that only he/she is responsible for security. However, everyone in the project team should be responsible for security.
Opportunity: By aligning security SME with project teams, a higher security standard can be achieved.

Exploit details

Usefulness: Very High
Required knowledge: High (two disciplines)
Required time: Very High
Required resources (systems): Very Low

Additional Information

Implementation hints: Security SME are involved in discussion for requirements analysis, software design and sprint planning to provide guidance and suggestions.
OWASP SAMM 1 Mapping: EG2-B

Conduction of collaborative team security checks

Risk and Opportunity

Risk: Development teams have limited insight into security practices.
Opportunity: Mutually testing the security of other teams' projects enhances security awareness and knowledge.

Exploit details

Usefulness: Low
Required knowledge: High (two disciplines)
Required time: High
Required resources (systems): Low

OWASP SAMM 1 Mapping: EG2-A

Conduction of war games

Risk and Opportunity

Risk: Understanding incident response plans during an incident is hard and ineffective.
Opportunity: War game-like activities help train for incidents. Security SMEs create attack scenarios in a testing environment, enabling the trainees to learn how to react in case of an incident.

Exploit details

Usefulness: Low
Required knowledge: High (two disciplines)
Required time: Very High
Required resources (systems): Very High

Sub-Dimension Culture and Org.

Information security targets are communicated

Risk and Opportunity

Risk: Employees don't know their organisation's security targets. Therefore security is not considered during development and administration as much as it should be.
Opportunity: Transparent and timely communication of the security targets by senior management is essential to ensure teams' buy-in and support.

Exploit details

Usefulness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: SM1-B

Creation of simple abuse stories

Risk and Opportunity

Risk: User stories mostly don't consider security implications. Security flaws are discovered too late in the development and deployment process.
Opportunity: Abuse stories are created during the creation of user stories.

Exploit details

Usefulness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints: Don't Forget EVIL User Stories and Practical Security Stories and Security Tasks for Agile Development Environments
OWASP SAMM 1 Mapping: TA2-A

Conduction of simple threat modelling on business level

Risk and Opportunity

Risk: Business related threats are discovered too late in the development and deployment process.
Opportunity: Threat modelling of business functionality is performed during the product backlog creation to facilitate early detection of security defects.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: TA1-A

Conduction of simple threat modelling on technical level

Risk and Opportunity

Risk: Technical related threats are discovered too late in the development and deployment process.
Opportunity: Threat modelling of technical features is performed during the product sprint planning.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: TA1-A

Conduction of advanced threat modelling

Risk and Opportunity

Risk: Inadequate identification of business and technical risks.
Opportunity: Threat modelling is performed by reviewing user stories and producing security-driven data flow diagrams.

Exploit details

Usefulness: Medium
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low

OWASP SAMM 1 Mapping: TA2-B

Creation of advanced abuse stories

Risk and Opportunity

Risk: Simple abuse stories do not go deep enough, so relevant security considerations are not performed. Security flaws are discovered too late in the development and deployment process.
Opportunity: Advanced abuse stories are created as part of threat modelling activities.

Exploit details

Usefulness: High
Required knowledge: High (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Creation of simple abuse stories
Implementation hints: Don't Forget EVIL User Stories and Practical Security Stories and Security Tasks for Agile Development Environments
OWASP SAMM 1 Mapping: TA2-A

Sub-Dimension Process

Definition of simple BCDR practices for critical components

Risk and Opportunity

Risk: In case of an emergency, like a power outage, DR actions to perform are not clear. This leads to reaction and remediation delays.
Opportunity: By understanding and documenting a business continuity and disaster recovery (BCDR) plan, the overall availability of systems and applications is increased. Success factors like responsibilities, Service Level Agreements, Recovery Point Objectives, Recovery Time Objectives or Failover must be fully documented and understood.

Exploit details

Usefulness: High
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low

Approval by reviewing any new version

Risk and Opportunity

Risk: An individual might forget to implement security measures to protect source code or infrastructure components.
Opportunity: On each new version (e.g. Pull Request) of source code or infrastructure components a security peer review of the changes is performed (two eyes principle) and approval given by the reviewer.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: IR1-B

Definition of a change management process

Risk and Opportunity

Risk: The impact of a change is not controlled because these are not recorded or documented.
Opportunity: Each change of a system is automatically recorded and adequately logged.

Exploit details

Usefulness: Medium
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Very Low

Prevention of unauthorized installation

Risk and Opportunity

Risk: Unapproved components are used.
Opportunity: Components must be whitelisted. Regular scans of the Docker infrastructure (e.g. cluster) need to be performed to verify that only standardized base images are used.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints: Example: All Docker images used by teams need to be based on standard images.
Comments: By preventing teams from trying out new components, innovation might be hampered.

Dimension Information Gathering

Sub-Dimension Monitoring

Simple application metrics

Risk and Opportunity

Risk: Attacks on an application are not recognized.
Opportunity: Gathering of application metrics helps to identify incidents like brute force attacks, login/logout.

Exploit details

Usefulness: Very High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Implementation hints: Prometheus
OWASP SAMM 2 Mapping: o-incident-management|A|1

Simple system metrics

Risk and Opportunity

Risk: Without simple metrics, analysis of incidents is hard. If an application uses a lot of CPU from time to time, it is hard for a developer to find the source with Linux commands.
Opportunity: Gathering of system metrics helps to identify incidents and especially bottlenecks in CPU usage, memory usage and hard disk usage.

Exploit details

Usefulness: Very High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Implementation hints: collectd
OWASP SAMM 2 Mapping: o-incident-management|A|1

Alerting

Risk and Opportunity

Risk: Incidents are discovered after they happened.
Opportunity: Thresholds for metrics are set. In case the thresholds are reached, alarms are sent out, which should get attention due to their criticality.

Exploit details

Usefulness: Very High
Required knowledge: Low (one discipline)
Required time: Very High
Required resources (systems): Very High

Additional Information

Dependencies: Visualized metrics
OWASP SAMM 1 Mapping: OE1-B
OWASP SAMM 2 Mapping: o-operational-management|B|3

Visualized metrics

Risk and Opportunity

Risk: Metrics that are not visualized lead to restricted usage of metrics.
Opportunity: Metrics are visualized in real time in a user-friendly way.

Exploit details

Usefulness: Medium
Required knowledge: Very Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Dependencies: Simple application metrics, Simple system metrics
OWASP SAMM 2 Mapping: o-incident-management|A|2

Advanced availability and stability metrics

Risk and Opportunity

Risk: Trends and advanced attacks are not detected.
Opportunity: Advanced metrics are gathered in relation to availability and stability, for example unplanned downtimes per year.

Exploit details

Usefulness: High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Low

Additional Information

Dependencies: Simple application metrics, Visualized metrics
OWASP SAMM 2 Mapping: o-incident-management|A|2

Advanced web application metrics

Risk and Opportunity

Risk: People are not looking into test results. Vulnerabilities are not recognized, even though they are detected by tools.
Opportunity: All defects from the dimension Test and Verification are instrumented.

Exploit details

Usefulness: High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Low

Additional Information

Dependencies: Simple application metrics, Visualized metrics
OWASP SAMM 2 Mapping: o-incident-management|A|2

Deactivation of unused metrics

Risk and Opportunity

Risk: High resources are used while gathering unused metrics.
Opportunity: Deactivation of unused metrics helps to free resources.

Exploit details

Usefulness: Very High
Required knowledge: Low (one discipline)
Required time: Very High
Required resources (systems): Very High

Additional Information

Dependencies: Visualized metrics
OWASP SAMM 2 Mapping: o-incident-management|A|1

Grouping of metrics

Risk and Opportunity

Risk: The analysis of metrics takes a long time.
Opportunity: Meaningful grouping of metrics helps to speed up analysis.

Exploit details

Usefulness: Low
Required knowledge: Low (one discipline)
Required time: High
Required resources (systems): Low

OWASP SAMM 2 Mapping: o-incident-management|A|2

Targeted alerting

Risk and Opportunity

Risk: People are bored (irritated) by incident alarm messages, as they are not responsible for reacting to them.
Opportunity: By the definition of target groups for incidents, people only get alarms for incidents they are in charge of.

Exploit details

Usefulness: Very High
Required knowledge: Low (one discipline)
Required time: Very High
Required resources (systems): Very High

Additional Information

Dependencies: Alerting
OWASP SAMM 1 Mapping: OE1-B
OWASP SAMM 2 Mapping: o-operational-management|B|3

Coverage and control metrics

Risk and Opportunity

Risk: The effectiveness of configuration, patch and vulnerability management is unknown.
Opportunity: Usage of coverage and control metrics to show the effectiveness of the security programme. Coverage is the degree to which a specific security control for a specific target group is applied across all resources. The control degree shows the actual application of security standards and security guidelines. Examples are gathering information on anti-virus, anti-rootkits, patch management, server configuration and vulnerability management.

Exploit details

Usefulness: High
Required knowledge: Medium (two disciplines)
Required time: Very High
Required resources (systems): Low

Additional Information

Dependencies: Visualized metrics
Implementation hints: https://ht.transparencytoolkit.org/FileServer/FileServer/OLD%20Fileserver/books/SICUREZZA/Addison.Wesley.Security.Metrics.Mar.2007.pdf
OWASP SAMM 2 Mapping: o-incident-management|A|2

Defence metrics

Risk and Opportunity

Risk: IDS/IPS systems like packet or application firewalls detect and prevent attacks. It is not known how many attacks have been detected and blocked.
Opportunity: Gathering of defence metrics like TCP/UDP sources makes it possible to infer the geographic location of the request.

Exploit details

Usefulness: High
Required knowledge: Medium (two disciplines)
Required time: Very High
Required resources (systems): Low

Additional Information

Dependencies: Visualized metrics
OWASP SAMM 2 Mapping: o-incident-management|A|2

Metrics are combined with tests

Risk and Opportunity

Risk: Changes might cause high load due to programming errors.
Opportunity: Metrics gathered during tests help to identify programming errors.

Exploit details

Usefulness: Very High
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Low

Additional Information

Dependencies: Grouping of metrics
OWASP SAMM 2 Mapping: o-incident-management|A|2

Screens with metric visualization

Risk and Opportunity

Risk: Security related information is discovered too late during an incident.
Opportunity: An internally accessible screen with security-related dashboards helps to visualize incidents.

Exploit details

Usefulness: Very High
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Dependencies: Grouping of metrics
OWASP SAMM 2 Mapping: o-incident-management|A|2

Sub-Dimension Logging

Centralized system logging

Risk and Opportunity

Risk: Locally stored system logs can be manipulated by attackers without authorization, or might be corrupt after an incident. In addition, it is hard to perform an aggregation of logs.
Opportunity: By using centralized logging, logs are protected against unauthorized modification.

Exploit details

Usefulness: Low
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints: rsyslog, Logstash
OWASP SAMM 2 Mapping: o-incident-management|A|1

Logging of security events

Risk and Opportunity

Risk: No track of security-relevant events makes it harder to analyse an incident.
Opportunity: Security-relevant events like login/logout or creation, change, deletion of users should be logged.

Exploit details

Usefulness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Dependencies: PII logging concept
Implementation hints: rsyslog, logstash, fluentd, bash
OWASP SAMM 2 Mapping: o-incident-management|A|1

PII logging concept

Risk and Opportunity

Risk: Personally identifiable information (PII) is logged and the GDPR is not followed.
Opportunity: A concept for how to log PII is documented and applied.

Exploit details

Usefulness: Very Low
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints: rsyslog, logstash, fluentd, bash
OWASP SAMM 2 Mapping: o-incident-management|A|1
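A structured security-event logger that applies a PII logging concept, as an added example (not code from the DSOMM project) serving both the "Logging of security events" and the "PII logging concept" practices above: the events are those the page names (login/logout, user creation/change/deletion), and identifiers are pseudonymised with a keyed hash so records can still be correlated without storing the raw value. The event names, field list, key source (LOG_PSEUDONYM_KEY) and sample values are assumptions.

```python
"""Structured security-event records with PII pseudonymisation.

Each record is one JSON line, ready for rsyslog/fluentd/logstash shipping.
PII fields are replaced by an HMAC-SHA256 token: the same input always maps
to the same token (so an analyst can still group events per user or source),
but the raw value never reaches the log. The key is assumed to be supplied
out of band; the fallback below is a constructed example value only.
"""
import hashlib
import hmac
import json
import os
from datetime import datetime, timezone
from typing import Any, Dict, List

# Event types the logging concept defines; anything else is rejected so that
# nobody invents ad hoc event names that dashboards and alerts will not know.
SECURITY_EVENTS = {"login_success", "login_failure", "logout",
                   "user_created", "user_changed", "user_deleted"}

# Fields that carry PII and must be pseudonymised before leaving the process.
PII_FIELDS = {"username", "email", "source_ip"}

# Assumed environment variable; the default is a constructed example key.
_KEY = os.environ.get("LOG_PSEUDONYM_KEY", "constructed-example-key").encode()


def pseudonymise(value: str, key: bytes = _KEY) -> str:
    """Keyed, truncated hash: deterministic per key, not reversible without it."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def security_event(event: str, actor: str, **fields: Any) -> Dict[str, Any]:
    """Build one record; the actor and any PII field are pseudonymised."""
    if event not in SECURITY_EVENTS:
        raise ValueError(f"not a defined security event: {event}")
    record: Dict[str, Any] = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "event": event,
        "actor": pseudonymise(actor),
    }
    for name, value in fields.items():
        record[name] = pseudonymise(str(value)) if name in PII_FIELDS else value
    return record


def to_json_line(record: Dict[str, Any]) -> str:
    """Serialise one record as a single JSON line."""
    return json.dumps(record, sort_keys=True)


def leaks_raw_pii(line: str, raw_values: List[str]) -> bool:
    """Self-check for tests: True if any raw PII value survived into the line."""
    return any(value in line for value in raw_values)


if __name__ == "__main__":
    # Constructed sample events.
    for rec in (
        security_event("login_failure", "alice", source_ip="203.0.113.5",
                       reason="bad password"),
        security_event("user_created", "admin", username="bob",
                       email="bob@example.test", role="reader"),
        security_event("logout", "alice", source_ip="203.0.113.5"),
    ):
        print(to_json_line(rec))
```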

Visualized logging

Risk and Opportunity

Risk: System and application logs are not visualized properly, which leads to no or very limited log assessment. Developers especially might have difficulty reading application logs with unsuitable tools like the Linux tool 'cat'.
Opportunity: Logs are visualized in a simple-to-use real-time monitoring system. The GUI gives the ability to search for specific attributes in the log.

Exploit details

Usefulness: High
Required knowledge: Very Low (one discipline)
Required time: Medium
Required resources (systems): Medium

Additional Information

Dependencies: Centralized system logging, Centralized application logging
Implementation hints: ELK-Stack
OWASP SAMM 2 Mapping: o-incident-management|A|1

Centralized application logging

Risk and Opportunity

Risk: Locally stored logs can be manipulated by attackers with system access, or might be corrupt after an incident. In addition, it is hard to perform a correlation of logs. This enables attacks to be performed silently.
Opportunity: A centralized logging system is used and applications logs (including application exceptions) are shipped to it.

Exploit details

Usefulness: Very High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Dependencies: Visualized logging, Alerting
OWASP SAMM 1 Mapping: SA2-B
OWASP SAMM 2 Mapping: o-incident-management|A|1

Correlation of security events

Risk and Opportunity

Risk: Detection of security-related events whose hints are spread across different systems/tools/metrics is not possible.
Opportunity: Events are correlated on one system, for example the correlation and visualisation of increased login attempts combined with successful logins.
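The correlation named above, as an added example (not code from the DSOMM project): failed logins for one account and source, collected from several hosts in the central log, are matched against a later successful login within a time window and reported as one finding. The log line format and the sample lines are constructed for the example.

```python
"""Correlate failed-then-successful logins across centralized log lines.

A per-host view sees only a few failures each; correlating per (user, source)
across all hosts shows the full sequence. Format and sample are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterator, List

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>LOGIN_OK|LOGIN_FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: five failures for bob spread over three hosts, then a
# success from the same source; alice is ordinary noise.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z web1 auth: LOGIN_FAIL user=bob src=198.51.100.7
2024-05-01T10:00:02Z web2 auth: LOGIN_FAIL user=bob src=198.51.100.7
2024-05-01T10:00:03Z web1 auth: LOGIN_OK user=alice src=192.0.2.10
2024-05-01T10:00:04Z web1 auth: LOGIN_FAIL user=bob src=198.51.100.7
2024-05-01T10:00:05Z web3 auth: LOGIN_FAIL user=bob src=198.51.100.7
2024-05-01T10:00:06Z web2 auth: LOGIN_FAIL user=bob src=198.51.100.7
2024-05-01T10:00:09Z web1 auth: LOGIN_OK user=bob src=198.51.100.7
2024-05-01T10:30:00Z web1 auth: LOGIN_FAIL user=alice src=192.0.2.10
2024-05-01T10:30:05Z web1 auth: LOGIN_OK user=alice src=192.0.2.10
"""


def parse(log_text: str) -> Iterator[Dict]:
    """Yield parsed auth events; other record types in the stream are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield event


def correlate(log_text: str, min_failures: int = 3,
              window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Report each successful login preceded by >= min_failures failures for
    the same (user, src) within `window`, whatever host recorded them."""
    recent = defaultdict(list)  # (user, src) -> [(ts, host), ...] of failures
    findings: List[Dict] = []
    for ev in sorted(parse(log_text), key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["result"] == "LOGIN_FAIL":
            recent[key].append((ev["ts"], ev["host"]))
            continue
        cutoff = ev["ts"] - window
        fails = [(t, h) for t, h in recent[key] if t >= cutoff]
        if len(fails) >= min_failures:
            findings.append({
                "user": ev["user"],
                "src": ev["src"],
                "failures": len(fails),
                "hosts": sorted({h for _, h in fails}),
                "success_ts": ev["ts"].isoformat(),
            })
        recent[key].clear()  # a success closes the sequence either way
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```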

Exploit details

Usefulness: Medium
Required knowledge: High (two disciplines)
Required time: High
Required resources (systems): High

Additional Information

Dependencies: Visualized logging, Alerting
OWASP SAMM 2 Mapping: o-incident-management|A|2

Dimension Infrastructure

Sub-Dimension Infrastructure Hardening

Segmented networks for virtual environments

Risk and Opportunity

Risk: Virtual environments in default settings are able to access other virtual environments on the network stack. With virtual machines, it is often possible to connect to other virtual machines. With Docker, one bridge is used by default, so that all containers on one host can communicate with each other.
Opportunity: The communication between virtual environments is regulated.

Exploit details

Usefulness: Very High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium

Additional Information

Dependencies:
Implementation hints:
OWASP SAMM 2 Mapping: o-environment-management|A|1

Simple access control for systems

Risk and Opportunity

Risk: Attackers gain access to internal systems and application interfaces.
Opportunity: All internal systems are using simple authentication.

Exploit details

Usefulness: Very High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium

Additional Information

Dependencies: Defined deployment process
Implementation hints: HTTP-Basic Authentication, TLS, VPN
OWASP SAMM 1 Mapping: EH1-B
OWASP SAMM 2 Mapping: o-environment-management|A|1

Usage of test and production environments

Risk and Opportunity

Risk: Security tests are not running regularly because test environments are missing.
Opportunity: A production and a production-like environment are used.

Exploit details

Usefulness: High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very High

Additional Information

Dependencies: Defined deployment process
OWASP SAMM 2 Mapping: o-environment-management|A|1

Applications are running in virtualized environments

Risk and Opportunity

Risk: Through a vulnerability in one service on a server, the attacker gains access to other services.
Opportunity: Applications are running in virtualized environments.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very High

OWASP SAMM 2 Mapping: o-environment-management|A|1

Checking the sources of used libraries

Risk and Opportunity

Risk: Application and system libraries can have implementation flaws or deployment flaws.
Opportunity: The origin of each library is checked to make sure it comes from a trusted source.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: SA1-A
OWASP SAMM 2 Mapping: o-environment-management|A|1

The cluster is hardened

Risk and Opportunity

Risk: Using default configurations for a cluster environment leads to potential risks.
Opportunity: Harden cluster environments according to best practices.

Exploit details

Usefullness: High
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low

Additional Information

Implementation hints:
OWASP SAMM 2 Mapping: o-environment-management|A|1

Usage of security by default for components

Risk and Opportunity

Risk: Components (images, libraries, applications) are not hardened.
Opportunity: Hardening of components is important, especially for images on which other teams base their work. Hardening should be performed on the operating system and on the services inside (e.g. Nginx or a Java application).

Exploit details

Usefullness: Medium
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints: For applications: Check default encoding, managing secrets, crypto, authentication
OWASP SAMM 2 Mapping: o-environment-management|A|1

Virtual environments are limited

Risk and Opportunity

Risk: Denial of service (intentionally by an attacker or unintentionally by a bug) on one service affects other services.
Opportunity: All virtual environments use resource limits on hard disks, memory and CPU.

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Medium

Additional Information

Dependencies: Applications are running in virtualized environments
OWASP SAMM 2 Mapping: o-environment-management|A|1

2FA

Risk and Opportunity

Risk: One-factor authentication is simple to brute-force.
Opportunity: Two factor authentication for all privileged accounts on systems and applications

Exploit details

Usefullness: High
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Medium

Additional Information

Implementation hints: Smartcard, YubiKey, SMS
OWASP SAMM 2 Mapping: TODO

Immutable Infrastructure

Risk and Opportunity

Risk: The availability of IT systems might be disturbed due to component failures.
Opportunity: Redundancies in the IT systems

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Infrastructure as Code
Implementation hints: Remove direct access to infrastructure
OWASP SAMM 2 Mapping: o-environment-management|A|1

Infrastructure as Code

Risk and Opportunity

Risk: No tracking of changes in systems might lead to errors in the configuration. In addition, it might lead to unauthorized changes. An example is Jenkins.
Opportunity: Systems are set up by code. A full environment can be provisioned. In addition, software like Jenkins 2 can be set up and configured in code too. The code should be stored in a version control system.

Exploit details

Usefullness: High
Required knowledge: Medium (two disciplines)
Required time: Very High
Required resources (systems): High

Additional Information

Implementation hints: GitOps, Ansible, Chef, Puppet, Jenkinsfile
OWASP SAMM 2 Mapping: o-environment-management|A|1

Role based authentication and authorization

Risk and Opportunity

Risk: Everyone is able to gain unauthorized access to information on systems or to modify information on systems without authorization.
Opportunity: The usage of a (role based) access control helps to restrict system access to authorized users.

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Dependencies: Defined deployment process, Defined build process
Implementation hints: Directory service, plugins
OWASP SAMM 2 Mapping: o-environment-management|A|1

Versioning

Risk and Opportunity

Risk: Changes to production systems cannot be undone.
Opportunity: Versioning of artifacts related to production environments. For example, Jenkins configuration, Docker images, system provisioning code.

Exploit details

Usefullness: Very High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium

Additional Information

Dependencies: Defined deployment process
OWASP SAMM 2 Mapping: o-environment-management|A|1

Limitation of system calls in virtual environments

Risk and Opportunity

Risk: System calls in virtual environments like Docker can lead to privilege escalation.
Opportunity: System calls in virtual environments like Docker are audited and limited.

Exploit details

Usefullness: Very High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium

Additional Information

Dependencies: Applications are running in virtualized environments
Implementation hints: seccomp, strace
OWASP SAMM 2 Mapping: o-environment-management|A|1
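The Pod specifications below are an added example covering two activities of this dimension at once, "Virtual environments are limited" (resource limits on disk, memory and CPU) and "Limitation of system calls in virtual environments" (seccomp). They are not DSOMM's own configuration. The namespace "shop", the image "registry.example/shop/backend:1.4.2", the user id 10001 and the concrete limit values are constructed placeholders; the field names are standard Kubernetes Pod fields.

```yaml
# Added example, not DSOMM's own configuration. Namespace, image and limit
# values are constructed placeholders.
---
# Before: the defaults. No resources block, so a memory leak or a denial of
# service against this pod starves every neighbour on the node. No
# seccompProfile, so Kubernetes starts the container with seccomp
# *unconfined*: every syscall the kernel offers is reachable from inside.
apiVersion: v1
kind: Pod
metadata:
  name: backend-default
  namespace: shop
spec:
  containers:
    - name: backend
      image: registry.example/shop/backend:1.4.2
---
# After: bounded resources and a reduced syscall/capability surface.
apiVersion: v1
kind: Pod
metadata:
  name: backend-hardened
  namespace: shop
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault        # the container runtime's default syscall
                                  # allow-list; a profile trimmed further with
                                  # strace/audit data would use type: Localhost
                                  # plus localhostProfile: <path on the node>
  containers:
    - name: backend
      image: registry.example/shop/backend:1.4.2
      resources:
        requests:                 # what the scheduler reserves
          cpu: "250m"
          memory: "256Mi"
          ephemeral-storage: "512Mi"
        limits:                   # hard ceilings enforced by the kubelet/cgroups
          cpu: "1"                # throttled, not killed, above this
          memory: "512Mi"         # OOM-killed instead of starving the node
          ephemeral-storage: "1Gi"  # pod evicted if container-local disk exceeds this
      securityContext:
        allowPrivilegeEscalation: false   # no setuid / file-capability escalation
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: tmp
          mountPath: /tmp         # the only writable location, size-capped below
  volumes:
    - name: tmp
      emptyDir:
        sizeLimit: 256Mi
```

The same controls exist for plain Docker: `docker run --memory 512m --cpus 1 --read-only --cap-drop ALL --security-opt no-new-privileges ...`; Docker applies its default seccomp profile unless a container is explicitly started with `--security-opt seccomp=unconfined`. A custom profile is best derived by running the workload's test suite under `strace` (or with the runtime's seccomp audit logging) and allowing only the syscalls observed.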

Microservice-Architecture

Risk and Opportunity

Risk: Monolithic applications are hard to test.
Opportunity: A microservice-architecture helps to have small components, which are easy to test.

Exploit details

Usefullness: Medium
Required knowledge: High (two disciplines)
Required time: Very High
Required resources (systems): Very High

OWASP SAMM 1 Mapping: SA2
OWASP SAMM 2 Mapping: o-environment-management|A|1

Production near environments are used by developers

Risk and Opportunity

Risk: In case an error occurs in production, the developer needs to be able to create a production-near environment on a local development environment.
Opportunity: Usage of infrastructure as code helps to create a production-near environment. The developer needs to be trained in order to set up a local development environment. In addition, it should be possible to create production-like test data. Often personally identifiable information is anonymised in order to comply with data protection laws.

Exploit details

Usefullness: High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium

Additional Information

Dependencies: Defined deployment process, Infrastructure as Code
OWASP SAMM 1 Mapping: SA1
OWASP SAMM 2 Mapping: o-environment-management|A|1

Usage of a chaos monkey

Risk and Opportunity

Risk: Due to manual changes on a system, they are not replaceable anymore. In case of a crash it might happen that a planned redundant system is unavailable. In addition, it is hard to replay manual changes.
Opportunity: A randomized, periodic shutdown of systems makes sure that nobody will perform manual changes to a system.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Very High
Required resources (systems): Very High

OWASP SAMM 2 Mapping: o-environment-management|A|1

Dimension Test and Verification

Sub-Dimension Dynamic depth for applications

Simple Scan

Risk and Opportunity

Risk: Deficient security tests are performed. Simple vulnerabilities are not detected and missing security configurations (e.g. headers) are not set. Fast feedback is not given.
Opportunity: A simple scan is performed to get a security baseline. In case the test is done in under 10 minutes, it should be part of the build and deployment process.

Exploit details

Usefullness: Low
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints:
OWASP SAMM 1 Mapping: ST2
OWASP SAMM 2 Mapping: v-security-testing|A|1

Coverage of client side dynamic components

Risk and Opportunity

Risk: Parts of the service are not covered during the scan, because JavaScript is not getting executed. Therefore, the co
Opportunity: Usage of a spider which executes dynamic content like JavaScript, e.g. via Selenium.

Exploit details

Usefullness: High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Dependencies: Usage of different roles
Implementation hints: Ajax Spider
OWASP SAMM 1 Mapping: ST-2
OWASP SAMM 2 Mapping: v-security-testing|A|2

Usage of different roles

Risk and Opportunity

Risk: Parts of the service are not covered during the scan, because a login is not performed.
Opportunity: Integration of authentication with all roles used in the service.

Exploit details

Usefullness: Low
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Dependencies: Simple Scan
OWASP SAMM 2 Mapping: v-security-testing|A|2

Coverage of hidden endpoints

Risk and Opportunity

Risk: Hidden endpoints of the service are not getting tracked.
Opportunity: Hidden endpoints are getting detected and included in the vulnerability scan.

Exploit details

Usefullness: Very High
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Usage of different roles
Implementation hints: cURL, OpenAPI
OWASP SAMM 2 Mapping: v-security-testing|A|2

Coverage of more input vectors

Risk and Opportunity

Risk: Parts of the service are not covered. For example, specially formatted or encoded parameters are not detected as parameters (e.g. parameters in REST-like URLs, parameters in JSON format or base64-encoded parameters).
Opportunity: Special parameters and special encodings are defined, so that they are fuzzed by the vulnerability scanners in use.

Exploit details

Usefullness: High
Required knowledge: Very High (three or more disciplines)
Required time: Very High
Required resources (systems): Very Low

Additional Information

Dependencies: Usage of different roles
OWASP SAMM 2 Mapping: v-security-testing|A|2

Coverage of sequential operations

Risk and Opportunity

Risk: Sequential operations like workflows (e.g. login -> put products in the basked
Opportunity: Sequential operations are defined and checked by the vulnerability scanner in the defined order.

Exploit details

Usefullness: Very High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

Additional Information

Dependencies: Usage of different roles
Implementation hints: cURL
OWASP SAMM 2 Mapping: v-security-testing|A|2

Usage of multiple scanners

Risk and Opportunity

Risk: Each vulnerability scanner has different capabilities. By using just one scanner, some vulnerabilities might not be found.
Opportunity: Usage of multiple spiders and scanners enhances the coverage and the number of vulnerabilities found.

Exploit details

Usefullness: Very Low
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very High

Additional Information

Dependencies: Usage of different roles
Implementation hints: SecureCodeBox
OWASP SAMM 2 Mapping: v-security-testing|A|2

Coverage analysis

Risk and Opportunity

Risk: Parts of the service are still not covered.
Opportunity: Check that there are no missing paths in the application with coverage-tools.

Exploit details

Usefullness: High
Required knowledge: High (two disciplines)
Required time: Very High
Required resources (systems): Medium

Additional Information

Implementation hints: OWASP Code Pulse
OWASP SAMM 2 Mapping: v-security-testing|A|2

Coverage of service to service communication

Risk and Opportunity

Risk: Service to service communication is not covered.
Opportunity: Service to service communication is dumped and checked.

Exploit details

Usefullness: Medium
Required knowledge: High (two disciplines)
Required time: Very High
Required resources (systems): Low

Additional Information

Dependencies: Simple Scan
OWASP SAMM 2 Mapping: v-security-testing|A|2

Sub-Dimension Static depth for applications

Test of middleware components with known vulnerabilities

Risk and Opportunity

Risk: Components of the middleware might have vulnerabilities.
Opportunity: Tests for known vulnerabilities in components of the middleware are performed.

Exploit details

Usefullness: Very High
Required knowledge: Very Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints: OWASP Dependency Check
OWASP SAMM 1 Mapping: SA
OWASP SAMM 2 Mapping: v-security-testing|A|2

Static analysis for important server side components

Risk and Opportunity

Risk: Important parts in the source code of the middleware have vulnerabilities.
Opportunity: Static analysis tools are used for important parts of the middleware. Static analysis uses, for example, string matching algorithms and/or data flow analysis.

Exploit details

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints: eslint, FindSecurityBugs, jsprime
OWASP SAMM 2 Mapping: v-security-testing|A|2

Static analysis for important client side components

Risk and Opportunity

Risk: Important parts in the source code of the frontend have vulnerabilities.
Opportunity: Static analysis tools are used for important parts of the frontend. Static analysis uses, for example, string matching algorithms and/or data flow analysis.

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints:
OWASP SAMM 2 Mapping: v-security-testing|A|2

Test of client side components with known vulnerabilities

Risk and Opportunity

Risk: Client side components might have vulnerabilities.
Opportunity: Tests for known vulnerabilities in components of the frontend are performed.

Exploit details

Usefullness: Low
Required knowledge: Very Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints:
OWASP SAMM 2 Mapping: v-security-testing|A|2

Usage of multiple scanners

Risk and Opportunity

Risk: Each vulnerability scanner has different capabilities. By using just one scanner, some vulnerabilities might not be found.
Opportunity: Usage of multiple static tools to find more vulnerabilities.

Exploit details

Usefullness: Very Low
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very High

Additional Information

Dependencies: Usage of different roles
OWASP SAMM 2 Mapping: v-security-testing|A|2

Exclusion of source code duplicates

Risk and Opportunity

Risk: Duplicates in source code might influence the stability of the application.
Opportunity: Automatic detection and manual removal of duplicates in source code.

Exploit details

Usefullness: Very Low
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Dependencies: Defined build process
Implementation hints: PMD
OWASP SAMM 2 Mapping: v-security-testing|A|2

Static analysis for all components/libraries

Risk and Opportunity

Risk: Used components like libraries and legacy applications might have vulnerabilities.
Opportunity: Usage of a static analysis for all used components.

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: High
Required resources (systems): Low

Additional Information

Dependencies: Static analysis for important client side components, Static analysis for important server side components
OWASP SAMM 2 Mapping: v-security-testing|A|2

Static analysis for all self written components

Risk and Opportunity

Risk: Parts in the source code of the frontend or middleware have vulnerabilities.
Opportunity: Static analysis tools are used for all parts of the middleware and frontend. Static analysis uses, for example, string matching algorithms and/or data flow analysis.

Exploit details

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Dependencies: Static analysis for important client side components, Static analysis for important server side components
Implementation hints: eslint, FindSecurityBugs, jsprime
OWASP SAMM 2 Mapping: v-security-testing|A|2

Stylistic analysis

Risk and Opportunity

Risk: Incorrect source code indenting might lead to vulnerabilities.
Opportunity: Analysis of compliance to style guides of the source code ensures that source code indenting rules are met.

Exploit details

Usefullness: Very Low
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints: PMD
OWASP SAMM 2 Mapping: v-security-testing|A|2

Sub-Dimension Test-Intensity

Default settings for intensity

Risk and Opportunity

Risk: Time pressure and ignorance might lead to wrong decisions about the test intensity.
Opportunity: The intensity of the tools in use is not reduced in order to save time.

Exploit details

Usefullness: Very Low
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM 2 Mapping: v-security-testing|A|1

Deactivating of unneeded tests

Risk and Opportunity

Risk: As tools cover a wide range of different vulnerability tests, they might not match the components in use. Therefore, they take more time and resources than necessary and the feedback loop takes too long.
Opportunity: Unneeded tests are deactivated. For example, in case the service is using a MongoDB and no MySQL database, the dynamic scan doesn't need to test for SQL injection.

Exploit details

Usefullness: Very Low
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

OWASP SAMM 2 Mapping: v-security-testing|A|2

Creation and application of a testing concept

Risk and Opportunity

Risk: Scans might use a too low or too high test intensity.
Opportunity: A testing concept considering the amount of time per scan/intensity is created and applied. A dynamic analysis needs more time than a static analysis. The dynamic scan, depending on the test intensity, might be performed on every commit, every night, every week or once a month.

Exploit details

Usefullness: Low
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium

OWASP SAMM 2 Mapping: v-security-testing|A|2

High test intensity

Risk and Opportunity

Risk: A too low intensity or a too high confidence threshold might lead to vulnerabilities that are not visible.
Opportunity: A deep scan with high test intensity and a low confidence threshold is performed.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very High

OWASP SAMM 2 Mapping: v-security-testing|A|2

Sub-Dimension Consolidation

Definition of quality gates

Risk and Opportunity

Risk: Improper examination of vulnerabilities leads to no visibility at all.
Opportunity: Quality gates for found vulnerabilities are defined. At the start it is important not to overload the security analyst; therefore the recommendation is to start with alerting on highly critical vulnerabilities.

Exploit details

Usefullness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: IR2-A
OWASP SAMM 2 Mapping: i-defect-management|A|2

Simple false positive treatment

Risk and Opportunity

Risk: As false positives occur during each test, all vulnerabilities might be ignored.
Opportunity: False positives are suppressed so they will not show up on the next tests again.

Exploit details

Usefullness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints: Most security tools have the possibility to suppress false positives.
OWASP SAMM 1 Mapping: IR2-A
OWASP SAMM 2 Mapping: i-defect-management|A|2

Simple visualization of defects

Risk and Opportunity

Risk: The security level of a component is not visible. Therefore, the motivation to enhance the security is not given.
Opportunity: Vulnerabilities are visualized in a simple form.

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints:
OWASP SAMM 2 Mapping: i-defect-management|B|1

Integration of vulnerability issues into the development process

Risk and Opportunity

Risk: To read console output of the build server to search for vulnerabilities might be difficult. Also, to check a vulnerability management system might not be a daily task for a developer.
Opportunity: Vulnerabilities are tracked in the team's issue system (e.g. Jira).

Exploit details

Usefullness: Low
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints: For SAST: server-side/client-side teams can be identified easily. In a microservice architecture, individual microservices can usually be assigned to teams. For DAST: vulnerabilities are classified and can be assigned to server-side and client-side teams.
OWASP SAMM 2 Mapping: i-defect-management|B|2

Treatment of defects with severity middle

Risk and Opportunity

Risk: Vulnerabilities with severity middle are not visible.
Opportunity: Vulnerabilities with severity middle are added to the quality gate.

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Comments: False positive analysis, especially for static analysis, is time consuming.
OWASP SAMM 2 Mapping: i-defect-management|B|2

Advanced visualization of defects

Risk and Opportunity

Risk: Correlation of the vulnerabilities of different tools to have an overview of the overall security level per component/project/team is not given.
Opportunity: Findings are visualized per component/project/team.

Exploit details

Usefullness: Low
Required knowledge: Low (one discipline)
Required time: High
Required resources (systems): Very Low

Additional Information

Implementation hints:
OWASP SAMM 2 Mapping: i-defect-management|B|1

Reproducible defect tickets

Risk and Opportunity

Risk: Vulnerability descriptions are hard to understand by staff from operations and development.
Opportunity: Vulnerabilities include the test procedure to give the staff from operations and development the ability to reproduce vulnerabilities. This enhances the understanding of vulnerabilities and therefore the fixes have a higher quality.

Exploit details

Usefullness: Low
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Low

Additional Information

Implementation hints: Mozilla Zest
OWASP SAMM 2 Mapping: i-defect-management|B|2

Treatment of all defects

Risk and Opportunity

Risk: Vulnerabilities with severity low are not visible.
Opportunity: All vulnerabilities are added to the quality gate.

Exploit details

Usefullness: Low
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low

Usage of a vulnerability management system

Risk and Opportunity

Risk: Maintenance of false positives in each tool causes a high workload. In addition, a correlation of the same finding from different tools is not possible.
Opportunity: Aggregation of vulnerabilities in one tool reduces the workload to mark false positives.

Exploit details

Usefullness: Low
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Low

Additional Information

Implementation hints:
OWASP SAMM 2 Mapping: i-defect-management|B|1

Sub-Dimension Application tests

Security unit tests for important components

Risk and Opportunity

Risk: Vulnerabilities arise due to code changes.
Opportunity: Usage of unit tests to test important security related features like authentication and authorization.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: High
Required resources (systems): Low

Additional Information

Implementation hints:
Comments: The integration of unit tests already takes place during development; sub-routines, functions, modules, libraries etc. are checked for vulnerabilities.
OWASP SAMM 1 Mapping: ST2-B
OWASP SAMM 2 Mapping: v-security-testing|B|3

Security integration tests for important components

Risk and Opportunity

Risk: Vulnerabilities arise due to code changes in a complex microservice environment.
Opportunity: Implementation of essential security related integration tests. For example for authentication and authorization.

Exploit details

Usefullness: Low
Required knowledge: Medium (two disciplines)
Required time: High
Required resources (systems): Low

Additional Information

Implementation hints: HttpUnit
OWASP SAMM 1 Mapping: ST2-B
OWASP SAMM 2 Mapping: v-security-testing|B|3

High coverage of security related module and integration tests

Risk and Opportunity

Risk: Vulnerabilities arise due to code changes in a complex microservice environment in less important components.
Opportunity: Implementation of security related tests via unit tests and integration tests. This includes testing libraries, in case they are not tested already.

Exploit details

Usefullness: Medium
Required knowledge: Very High (three or more disciplines)
Required time: Very High
Required resources (systems): Medium

OWASP SAMM 1 Mapping: ST2-B
OWASP SAMM 2 Mapping: v-security-testing|B|3

Smoke Test

Risk and Opportunity

Risk: During a deployment an error might happen which leads to non-availability of the system, a part of the system or a feature.
Opportunity: Integration tests are performed against the production environment after each deployment.

Exploit details

Usefullness: Low
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

Additional Information

Dependencies: Defined deployment process
OWASP SAMM 1 Mapping: ST2-B
OWASP SAMM 2 Mapping: v-security-testing|B|3

Sub-Dimension Dynamic depth for infrastructure

Test network segmentation

Risk and Opportunity

Risk: Wrong or no network segmentation of pods makes it easier for an attacker to access a database and extract or modify data.
Opportunity: Integration of fine-grained network segmentation (also between pods in the same namespace).

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints: netassert
OWASP SAMM 2 Mapping: v-security-testing|A|2

Test of the configuration of cloud environments

Risk and Opportunity

Risk: Standard hardening practices for cloud environments are not performed leading to vulnerabilities.
Opportunity: With the help of tools, the configuration of virtual environments is tested.

Exploit details

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints:
OWASP SAMM 1 Mapping: EH2-B

Weak password test

Risk and Opportunity

Risk: Weak passwords in components like applications or systems, especially for privileged accounts, lead to takeover of that account.
Opportunity: Automated brute-force tests are performed. Especially the testing of standard accounts like 'admin' and employee user IDs is recommended.

Exploit details

Usefullness: Very Low
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints: THC Hydra
OWASP SAMM 2 Mapping: v-security-testing|A|2

Load tests

Risk and Opportunity

Risk: As it is unknown how many requests the systems and applications can serve, due to an unexpected load the availability is disturbed.
Opportunity: Load tests against the production system or a production-near system are performed.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very High

OWASP SAMM 2 Mapping: v-security-testing|A|1

Sub-Dimension Static depth for infrastructure

Test cluster deployment resources

Risk and Opportunity

Risk: The deployment configuration (e.g. Kubernetes deployment resources) might contain insecure configurations.
Opportunity: Test the deployment configuration for virtualized environments for insecure configurations.

Exploit details

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Low

Additional Information

Implementation hints:
OWASP SAMM 2 Mapping: v-security-testing|A|1

Test the configuration of cloud environments

Risk and Opportunity

Risk: Standard hardening practices for cloud environments are not performed leading to vulnerabilities.
Opportunity: With the help of tools, the configuration of virtual environments is tested.

Exploit details

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints:
OWASP SAMM 1 Mapping: EH2-B
OWASP SAMM 2 Mapping: v-security-testing|A|1

Test of infrastructure components for known vulnerabilities

Risk and Opportunity

Risk: Infrastructure components might have vulnerabilities.
Opportunity: Test for known vulnerabilities in infrastructure components. Often, the only way to respond to known vulnerabilities in operating system packages is to accept the risk and wait for a patch.

Exploit details

Usefullness: Low
Required knowledge: Low (one discipline)
Required time: Very High
Required resources (systems): Low

Additional Information

Implementation hints:
OWASP SAMM 2 Mapping: v-security-testing|A|1