Threat Modeling & Mitigation
Base Information
Udajuicer is the largest juice shop in the world. They’ve amassed millions with shops all around the world without a reliance on technology. The owner Manu Juicer has technophobia and severe distrust of technology, so all his shops operate on a cash-and-carry model. His irrational fear surprisingly hasn’t hurt the store, and many people have grown to love the franchise for its simplicity. The business was booming until Covid-19 hit. Stubborn and not wanting to adapt to the current climate, Manu tried all sorts of gimmicks and deals to drive foot traffic to his business but wasn’t successful. Begrudgingly he accepted his predicament, and it was time to embrace technology.
Manu left it to his internal business team to come up with an online application where customers can place orders for delivery/pickup. Udajuicer’s business team, left with very vague instructions on how to build an application, had no idea where to begin. In a pickle, they launched Craigslist and looked for someone that would be able to build them their juice shop application. Since no one at the company had much computer expertise or an internal technology department, they were quite inept at identifying qualified candidates. They eventually settled on a newbie Chad, who fleeced their money and created an insecure application.
Excitement was in the air as Udajuicer finally had its flagship product! Udajuicer proceeded to test the application out in beta for a week before production. Unfortunately, the site would constantly go down, and they weren’t sure what the issue was. They reached out to Chad once again to troubleshoot but weren’t able to identify what was going on, as Chad assured them it was nothing on his end. Paranoid Manu thought it was his rival Super Smoothies hacking and taking down his application.
Wanting to get to the bottom of the issue, he reached out to SecureCorp, the world-renown cybersecurity consulting firm. SecureCorp deploys you, a security analyst, to get to the bottom of the issue and find out why the Juice Shop site keeps going down. Your job will consist of building a threat model for Manu’s website. Using the internal threat model template provided, you will go through the process of helping Manu mitigate his current issue and build a secure application.
Assessing Assets
It’s time to get to work! You’ve arrived at one of Udajuicer’s headquarters located in Miami and are shocked at the lack of technology. You ponder how in the world this is the largest juice shop without ever using computers or relying on technology. After the initial shock, you’re ready to get back on track and get to work. Manu, the eccentric owner, takes it upon himself to work with you directly to make sure you have everything you need. You first request an architecture diagram of the application and logs from right before the application went down. At a quick glance, you notice the woefully designed architecture and buckle up for a long day, all the whilst Manu is in your ear talking about Super Smoothies evil plot to take down his franchise.
Asset Inventory
The first part of our threat model is being able to identify all the assets involved in the target of the assessment. What does Udajuicer have of value? Looking at the architecture diagram, identify all the components that make up Udajuicer and document them in the assessment scope of your report. After identifying all the parts, explain the function of each part.
Architecture Audit
Now that we’ve identified all the components that make up Udajuicer, let’s conduct an architecture review with the given diagram. Referencing what we went over in secure architecture best practices, list out at least 3 flaws.
Threat Model
Build a Threat Model Diagram showing the flow of data using OWASP Threat Dragon. Identify at least 3 possible threats that would pose a threat to your web application. Think of the OWASP Top 10.
Threat Analysis
We’ve now identified a few insecurities in Udajuicer’s architecture and want to use this knowledge to help us identify what was causing Udajuicer's website to crash. When in doubt, investigating logs should point us in the right direction. Analyze the log file on the desktop to identify what type of attack took down the Juice Shop.
Threat Actor Analysis
The final part of our assessment consists of us trying to identify who would possibly want to take down the Juice Shop? Below are possible threat actors that we’ve covered in our course. Select who you think would most likely be responsible for the attack and explain why.
Vulnerabilities
You’ve made it past the initial assessment and still have your sanity, as working with Manu can be exhausting. You’ve identified the initial attack and shortcomings of the application setup. Manu is currently fuming with anger at the ineptness of both his business team and Chad, whom they hired. Treading lightly, you notify him you have to continue with a deeper analysis of the application to see if you can find more vulnerabilities. Petrified Manu retreats into the corner, awaiting the news of your probe.
The first vulnerability we want to exploit is on the login page of the website. Navigate to the login page, and you should see a username and password field. Unfortunately for Juice Shop, this login portal is subjectable to a SQL Injection attack! Just as we covered during the course, exploit the vulnerability, and gain access to the site as admin.
The second vulnerability we want to exploit is after we’ve logged into the site. We want to exploit an XSS vulnerability in the search bar. Attempt an arbitrary command that will render an alert with the value “Hacked”.
Risk Analysis
After notifying Manu of two more vulnerabilities, his technophobia is on full display. You reassure him that these problems can be resolved, but the next step is to rank the risks in order of what should be dealt with first.
Mitigation Plan
At this point, we’ve broken down all the risks and in what order Udajuicer should mitigate them. Unsure and still broken, Manu asks you how to resolve them. You assure him that you’ll build out the mitigation and get Udajuicer back up and running! Manu’s faith in you getting the job done is all that’s holding his technophobia in check.
Mystery Attack Mitigation
Now we want to tackle his most pressing issue and want to implement a solution to mitigate the attack you identified in 1.4. We’ve covered a few different strategies on how to prevent these types of attacks in this course. Choose one or more of the methods we’ve covered in the course and describe how implementing it would prevent further attacks of this type.
SQL Injection Mitigation
The next issue we want to fix is the SQL injection vulnerability on his login page. We’ve covered a few different strategies on how to prevent SQL Injections attacks. Choose one or more of the methods we’ve covered in the course and describe how implementing it would prevent further Injection attacks.
XSS Mitigation
The last issue we want to fix is the XSS vulnerability. We’ve covered a few different strategies on how to prevent XSS attacks. Choose one or more of the methods we’ve covered in the course and describe how implementing it would prevent further XSS attacks.
Results
Conducted a full threat assessment of Udajuicer's insecure web application, identifying major security flaws including lack of encryption, poor network segmentation, and missing authentication layers.
Performed an architecture audit and discovered critical vulnerabilities such as SQL Injection, XSS, and improper firewall configurations, leading to a high-risk security posture.
Investigated and identified a DDoS attack as the primary cause of frequent site crashes, analyzing server logs to detect an excessive volume of simultaneous login requests from multiple IP addresses.
Developed a risk analysis framework prioritizing vulnerabilities based on impact and likelihood, ranking insecure architecture and SQL injection as the most critical threats.
Designed and proposed a mitigation strategy that included implementing secure coding practices, sanitizing user inputs, enforcing rate limiting for DDoS protection, and strengthening authentication mechanisms.
Click Here to view the final report.
