0% encontró este documento útil (0 votos)

580 vistas29 páginas

Informe de Amenazas Web Server

Este documento presenta un informe de modelado de amenazas que identifica 12 posibles amenazas a un servidor web, incluidos ataques de suplantación, inyección de scripts entre sitios y elevación de privilegios. Para cada amenaza, se proporciona una descripción, categoría, justificación y tres salvaguardas implementadas. El informe resume el estado de mitigación de cada amenaza y proporciona un diagrama y validación de la consulta SQL relacionada.

Cargado por

Norberto Cárdenas Luna

Derechos de autor

Nos tomamos en serio los derechos de los contenidos. Si sospechas que se trata de tu contenido, reclámalo aquí.

Formatos disponibles

Descarga como PDF, TXT o lee en línea desde Scribd

0% encontró este documento útil (0 votos)

580 vistas29 páginas

Informe de Amenazas Web Server

Cargado por

Norberto Cárdenas Luna

Derechos de autor

Nos tomamos en serio los derechos de los contenidos. Si sospechas que se trata de tu contenido, reclámalo aquí.

Formatos disponibles

Descarga como PDF, TXT o lee en línea desde Scribd

28/11/2019 Threat Modeling Report

Informe de modelado de amenazas

Creado el 28/11/2019 8:47:39 pm

Nombre del modelo de amenaza:

Propietario:

Crítico:

Contribuyentes:

Descripción:

Suposiciones

Dependencias externas:

Resumen del modelo de amenazas:

No empezado 00
No aplica 00
Investigación de necesidades 0 0
Mitigación implementada 87
Total 87
Total migrado 00

Diagrama: Consulta SQL

Mensajes de validación:

1. Error: el conector debe estar conectado a dos elementos.

Consulta del resumen del diagrama SQL:

No empezado 00
No aplica 00
Investigación de necesidades 0 0

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 1/29

28/11/2019 Threat Modeling Report
Mitigación implementada 87
Total 87
Total migrado 00

Amenaza (s) no asociadas con una interacción:

1. Posible rechazo de datos por servidor web [Estado: mitigación implementada] [Prioridad: Alta]

Categoría: Repudio
Descripción: Web Server claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: DREAD = 2+1+2+2+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread- Low
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: FUERTE AUTENTICACIÓN
Safeguard 2: REGISTRO DE CUALQUIER ACTIVIDAD DEL SERVIDOR
Safeguard 3:

2. Spoofing the Browser Client Process [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Browser Client may be spoofed by an attacker and this may lead to unauthorized access to Web Server. Consider using a standard
authentication mechanism to identify the source process.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: MEJORAR EL MECANISMO DE AUTENTICACIÓN
Safeguard 2: IMPLIMENTAR UN MECANISMOS DE AUTENTICACIÓN SEGURO
Safeguard 3:

3. Cross Site Scripting [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: The web server 'Web Server' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: High
Dread-Discoverablity: Medium
Safeguard 1: COMPROBAR QUE EL CODIGO DEL SITIO SEA SEGURO
Safeguard 2: ADQUISICIÓIN DE SOFTWARE DE SEGURIDAD
Safeguard 3:

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 2/29

28/11/2019 Threat Modeling Report
4. Spoofing of Source Data Store web en disco [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: web en disco may be spoofed by an attacker and this may lead to incorrect data delivered to Web Server. Consider using a standard
authentication mechanism to identify the source data store.
Justification: DREAD = 3+2+2+2+2 = 11 RIESGO MEDIO
Dread-damage: High
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: APLICAR POLITICAS DE SEGURIDAD DE CONTRASEÑAS
Safeguard 2: HACIENDO USO DE CONTROLES PREVENTIVOS
Safeguard 3:

5. Persistent Cross Site Scripting [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: The web server 'Web Server' could be a subject to a persistent cross-site scripting attack because it does not sanitize data store 'web en
disco' inputs and output.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: AUTENTICACIÓN DE USUARIOS
Safeguard 2: ANALIZADOR DE CODIGO FUENTE DE LA APLICACIÓN WEB
Safeguard 3:

6. Weak Access Control for a Resource [State: Mitigation Implemented] [Priority: High]

Category: Information Disclosure

Description: Improper data protection of web en disco can allow an attacker to read information not intended for disclosure. Review authorization
settings.
Justification: DREAD = 2+3+2+2+3 = 12 RIESGO ALTO
Dread-damage: Medium
Dread- High
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected Medium
users:
Dread-Discoverablity: High
Safeguard 1: POLITICAS DE PRIVILEGIOS DE USUARIOS
Safeguard 2: CORTAFUEGOS
Safeguard 3:

7. Cross Site Scripting [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: The web server 'Web Server' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.
file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 3/29
28/11/2019 Threat Modeling Report

Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO

Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: COMPROBAR QUE EL CODIGO DEL SITIO SEA SEGURO
Safeguard 2: VERIFIACICÓN DE CODIGO FUENTE
Safeguard 3:

8. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Web Server may be able to impersonate the context of Server SQL in order to gain additional privilege.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: High
Dread-Discoverablity: Medium
Safeguard 1: MANTENER EL ANTIVIRUS ACTUALIZADO
Safeguard 2: CIFRADO DE COMPONENTE DEL SOFTWARE
Safeguard 3:

9. Cross Site Scripting [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: The web server 'Web Server' could be a subject to a cross-site scripting attack because it does not sanitize untrusted input.
Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: POLITICAS DE CONTRASEÑAS SEGURAS
Safeguard 2: POLITICAS DE CONTROL DE ACCESO BASADO EN ROLES
Safeguard 3:

10. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Web Server may be able to impersonate the context of Browser Client in order to gain additional privilege.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: EJECUTAR APLICACION CON EL MENOR PRIVILEGIO POSIBLE
Safeguard 2: PARCHEAR CON LA ACTUALIZACIÓN MAS RECIENTE
Safeguard 3:

11. Web Server Process Memory Tampered [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: If Web Server is given access to memory, such as shared memory or pointers, or is given the ability to control what Browser Client executes
(for example, passing back a function pointer.), then Web Server can tamper with Browser Client. Consider if the function could work with less
file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 4/29
28/11/2019 Threat Modeling Report
access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread- Medium
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: AMPLIACION DE MEMORIA A EQUIPOS
Safeguard 2: VALIDACION DE APLICACIONES INNECESARIAS
Safeguard 3:

12. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Browser Client may be able to impersonate the context of Web Server in order to gain additional privilege.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: MANTENER ACTUALIZADA LA APLICACIÓN
Safeguard 2: VERIFICACIÓN DE PERMISOS
Safeguard 3:

13. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Server SQL may be able to impersonate the context of Web Server in order to gain additional privilege.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: VERIFICACIÓN DE PRIVILEGIOS DE USUARIOS
Safeguard 2: PARCHEAR CON LA ULTIMA ACTUALIZACION EL SERVIDOR DE BASE DE DATOS
Safeguard 3:

14. Elevation by Changing the Execution Flow in Web Server [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: An attacker may pass data into Web Server in order to change the flow of program execution within Web Server to the attacker's
choosing.
Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: VALIDAR DATOS DE ENTRADA EN LA APLICACIÓN WEB

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 5/29

28/11/2019 Threat Modeling Report
Safeguard 2: MANEJO DE EXCEPCIONES
Safeguard 3:

15. Web Server May be Subject to Elevation of Privilege Using Remote Code Execution [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Browser Client may be able to remotely execute code for Web Server.
Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: VALIDAR LOS DATOS DEL USUARIO ENVIADOS
Safeguard 2: LIMITAR LA CANTIDAD DE DATOS ENVIADOPS POR EL USUARIO
Safeguard 3:

16. Data Flow HTTPS Is Potentially Interrupted [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: An external agent interrupts data flowing across a trust boundary in either direction.
Justification: DREAD = 2+2+2+3+1 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1: SISTEMA ALTERNO DE SUMINISTRO ELECTRICO
Safeguard 2: PLAN DE CONTINGENCIA
Safeguard 3:

17. Potential Process Crash or Stop for Web Server [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: Web Server crashes, halts, stops or runs slowly; in all cases violating an availability metric.
Justification: DREAD = 2+2+3+2+2 = 11 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: IMPLEMENTAR EXCEPCIONES DESDE EL CODIGO FUENTE DE LA APLICACIÓN
Safeguard 2: VALIDAR TODOS LOS CAMPOS DE ENTRADA
Safeguard 3:

18. Cross Site Request Forgery [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Cross-site request forgery (CSRF or XSRF) is a type of attack in which an attacker forces a user's browser to make a forged request to a
vulnerable site by exploiting an existing trust relationship between the browser and the vulnerable web site. In a simple scenario, a user is
logged in to web site A using a cookie as a credential. The other browses to web site B. Web site B returns a page with a hidden form that
posts to web site A. Since the browser will carry the user's cookie to web site A, web site B now can take any action on web site A, for
example, adding an admin to an account. The attack can be used to exploit any requests that the browser automatically authenticates, e.g.
by session cookie, integrated authentication, IP whitelisting, … The attack can be carried out in many ways such as by luring the victim to a
site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit.
The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of
secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit
through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 6/29

28/11/2019 Threat Modeling Report
Justification: DREAD = 2+1+2+2+2 = 9 RIESGO MEDIO
Dread- Medium
damage:
Dread- Low
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: ASEGURAR NOMBRES DE USUARIOS Y CONTRASEÑAS
Safeguard 2: EVITAR NAVEGACIÓN SIMULTANEA
Safeguard 3:

19. Spoofing the Web Server Process [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Web Server may be spoofed by an attacker and this may lead to unauthorized access to Browser Client. Consider using a standard
authentication mechanism to identify the source process.
Justification: DREAD = 1+2+2+1+2 = 8 RIESGO MEDIO
Dread-damage: Low
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Low
users:
Dread- Medium
Discoverablity:
Safeguard 1: IMPLEMENTAR AUTENTICACIÓN DE DOS FACTORES
Safeguard 2: CORTAFUEGOS
Safeguard 3:

20. Potential Data Repudiation by Browser Client [State: Mitigation Implemented] [Priority: High]

Category: Repudiation
Description: Browser Client claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: DREAD = 2+2+1+2+1 = 8 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread- Low
Exploitability:
Dread-Affected Medium
users:
Dread- Low
Discoverablity:
Safeguard 1: AUDITORIA DE TODA LA ACTIVIDAD DEL SERVIDOR
Safeguard 2: AUTENTICACIÓN FUERTE
Safeguard 3:

21. Potential Process Crash or Stop for Browser Client [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: Browser Client crashes, halts, stops or runs slowly; in all cases violating an availability metric.
Justification: DREAD = 1+1+1+2+2 = 7 RIESGO BAJO
Dread-damage: Low

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 7/29

28/11/2019 Threat Modeling Report
Dread-Reproducibility: Low
Dread-Exploitability: Low
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: ESTABLECER TIEMPO DE ESPERAS PARA SOLICITUDES
Safeguard 2: DESECHAR RECURSOS CUANDO LA APLICACION YA NO LOS USE
Safeguard 3:

22. Data Flow HTTPS Is Potentially Interrupted [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: An external agent interrupts data flowing across a trust boundary in either direction.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: ENVIAR RESPUESTA SI NO SE PUEDE PROCESAR
Safeguard 2: SI CONTINUA PROCESANDO REALIZARLO EN UNA CAPACIDAD REDUCIDA
Safeguard 3:

23. Browser Client May be Subject to Elevation of Privilege Using Remote Code Execution [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Web Server may be able to remotely execute code for Browser Client.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: POLITICAS DE SEGURIDAD RELACIONADA CON LOS PERMISOS DE USUARIO
Safeguard 2: VERIFICACIÓN DE AUTENTICACIÓN EN CADA PETICIÓN
Safeguard 3:

24. Elevation by Changing the Execution Flow in Browser Client [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: An attacker may pass data into Browser Client in order to change the flow of program execution within Browser Client to the attacker's
choosing.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: VERIFICACIÓN DE PERMISOS
Safeguard 2: VERIFICACIÓN DE CODIGO FUENTE DE LOS APLICATIVOS
Safeguard 3:

25. Potential Data Repudiation by Web Server [State: Mitigation Implemented] [Priority: High]

Category: Repudiation

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 8/29

28/11/2019 Threat Modeling Report
Description: Web Server claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: DREAD = 2+2+1+1+1 = 7 RIESGO BAJO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread- Low
Exploitability:
Dread-Affected Low
users:
Dread- Low
Discoverablity:
Safeguard 1: AUTENTICAR EL RECEPTOR PARA GARANTIZAR LA COMUNICACIÓN
Safeguard 2: INVESTIGAR ACTIVIDADES SOSPECHOSAS
Safeguard 3:

26. Potential Process Crash or Stop for Web Server [State: Mitigation Implemented] [Priority: High]

27. Data Flow IPsec Is Potentially Interrupted [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: An external agent interrupts data flowing across a trust boundary in either direction.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: CONTINUAR EL PROCESO EN UNA CAPACIDAD REDUCIDA
Safeguard 2: INFORMAR AL USUARIO DE CUANDO NO SE PUEDA CONTINUAR CON UN PROCESO
Safeguard 3:

28. Web Server May be Subject to Elevation of Privilege Using Remote Code Execution [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Server SQL may be able to remotely execute code for Web Server.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: SE DEBE VALIDAR Y REGISTRAR LOS DATOS PROPORCIONADOS POR EL USUARIO
Safeguard 2: LOS DATOS PROPORCIONADOS POR EL USUARIO SE DEBEN SER LIMITADOS
Safeguard 3:

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 9/29

28/11/2019 Threat Modeling Report
29. Elevation by Changing the Execution Flow in Web Server [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: An attacker may pass data into Web Server in order to change the flow of program execution within Web Server to the attacker's
choosing.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: PROTECCION PARA DESBORDAMIENTO DE BUFER Y OTROS PROBLEMAS
Safeguard 2: POR DEFECTO ESTABLECER EL MINIMO DE PRIVILEGIOS
Safeguard 3:

30. Elevation by Changing the Execution Flow in Server SQL [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: An attacker may pass data into Server SQL in order to change the flow of program execution within Server SQL to the attacker's
choosing.
Justification: DREAD = 3+2+3+3+3 = 14 RIESGO ALTO
Dread-damage: High
Dread- Medium
Reproducibility:
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1: PRIVILEGIOS MINIMOS POR DEFECTO PARA USUARIOS
Safeguard 2: PROBLEMAS PARA LA PROTECCIÓN DE PROBLEMAS DE MEMORIA
Safeguard 3:

31. Server SQL May be Subject to Elevation of Privilege Using Remote Code Execution [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Web Server may be able to remotely execute code for Server SQL.
Justification: DREAD = 3+3+3+3+1 = 13 RIESGO ALTO
Dread-damage: High
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1: LIMITAR LA CANTIDAD DE DATOS EXTERNOS
Safeguard 2: VALIDAR LA CANTIDAD DE DATOS ENVIADA
Safeguard 3:

32. Data Flow IPsec Is Potentially Interrupted [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: An external agent interrupts data flowing across a trust boundary in either direction.
Justification: DREAD = 2+2+3+2+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: NO BLOQUEAR LA ESPERA DE LAS PETICIONES

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 10/29

28/11/2019 Threat Modeling Report
Safeguard 2: CONTINUAR EL PROCESO CON UNA CANTIDAD MINIMA
Safeguard 3:

33. Potential Process Crash or Stop for Server SQL [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: Server SQL crashes, halts, stops or runs slowly; in all cases violating an availability metric.
Justification: DREAD = 1+3+1+3+1 = 9 RIESGO MEDIO
Dread-damage: Low
Dread-Reproducibility: High
Dread-Exploitability: Low
Dread-Affected users: High
Dread-Discoverablity: Low
Safeguard 1: VALIDACION DE DATOS DE ENTRADA
Safeguard 2: MANEJO DE EXCEPCIONES
Safeguard 3:

34. Potential Data Repudiation by Server SQL [State: Mitigation Implemented] [Priority: High]

Category: Repudiation
Description: Server SQL claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: DREAD = 3+3+3+3+3 = 15 RIESGO ALTO
Dread-damage: High
Dread- High
Reproducibility:
Dread- High
Exploitability:
Dread-Affected High
users:
Dread- High
Discoverablity:
Safeguard 1: RESTRICCION DE PRIVILEGIOS
Safeguard 2: ASIGNACIÓN DE PERMISOS MINIMOS A USUARIOS
Safeguard 3:

35. Potential Data Repudiation by Web Server [State: Mitigation Implemented] [Priority: High]

Category: Repudiation
Description: Web Server claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: DREAD = 2+2+1+1+1 = 7 RIESGO BAJO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread- Low
Exploitability:
Dread-Affected Low
users:
Dread- Low
Discoverablity:
Safeguard 1:
Safeguard 2:
Safeguard 3:

36. Potential Process Crash or Stop for Web Server [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 11/29

28/11/2019 Threat Modeling Report
Description: Web Server crashes, halts, stops or runs slowly; in all cases violating an availability metric.
Justification: DREAD = 3+2+3+3+3 = 14 RIESGO ALTO
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1: SE DEBE GARANTIZAR EL ACCESO ININTERRUMPIDO A LOS DATOS
Safeguard 2: NO BLOQUEAR LAS PETICIONES EN ESPERA
Safeguard 3:

37. Data Flow Datos Is Potentially Interrupted [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: An external agent interrupts data flowing across a trust boundary in either direction.
Justification: DREAD = 2+2+3+2+2 = 11 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: NO INTERRUMPIR PROCESOS Y CONTINUAR CON UNA CAPACIDAD REDUCIDA
Safeguard 2: AUDITORIA DE REDES
Safeguard 3:

38. Data Store Inaccessible [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: An external agent prevents access to a data store on the other side of the trust boundary.
Justification: DREAD = 2+2+3+2+2 = 11 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: High
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: AUDITORIA DE REDES
Safeguard 2: MONITOREAR PETICIONES SOSPECHOSAS
Safeguard 3:

39. Web Server May be Subject to Elevation of Privilege Using Remote Code Execution [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: web en disco may be able to remotely execute code for Web Server.
Justification: DREAD = 1+1+2+1+1 = 6 RIESGO BAJO
Dread-damage: Low
Dread-Reproducibility: Low
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Low
Safeguard 1: VALIDAR LOS DATOS QUE SE INGRESAN AL SISTEMA
Safeguard 2: LIMITACIÓN A CONEXIONES REMOTAS
Safeguard 3:

40. Elevation by Changing the Execution Flow in Web Server [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 12/29

28/11/2019 Threat Modeling Report
Description: An attacker may pass data into Web Server in order to change the flow of program execution within Web Server to the attacker's
choosing.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: VALIDACION DE DATOS DE ENTRADA
Safeguard 2: MANEJO DE EXCEPCIONES
Safeguard 3:

Interaction: ALPC

41. Weak Access Control for a Resource [State: Mitigation Implemented] [Priority: High]

42. Spoofing of Source Data Store Generic Data Store [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Disco de Almacenamiento may be spoofed by an attacker and this may lead to incorrect data delivered to Server FTP. Consider using a
standard authentication mechanism to identify the source data store.
Justification: DREAD = 2+3+2+2+3 = 12 RIESGO ALTO
Dread- High
damage:
Dread- High
Reproducibility:
Dread- High
Exploitability:
Dread-Affected High
users:
Dread- High
file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 13/29
28/11/2019 Threat Modeling Report
Discoverablity:
Safeguard 1: CORTAFUEGOS
Safeguard 2: COPIAS DE SEGURIDAD DE BASE DE DATOS
Safeguard 3:

Interaction: ALPC

43. Potential Excessive Resource Consumption for Server FTP or Generic Data Store [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: Does Server FTP or Disco de Almacenamiento take explicit steps to control resource consumption? Resource consumption attacks can be
hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and
that they do timeout.
Justification: DREAD = 2+2+3+2+2 = 11 RIESGO MEDIO
Dread- Medium
damage:
Dread- Medium
Reproducibility:
Dread- High
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: AUDITORIA DE REDES
Safeguard 2: MONITOREAR PETICIONES SOSPECHOSAS
Safeguard 3:

44. Spoofing of Destination Data Store Generic Data Store [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Disco de Almacenamiento may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Disco de
Almacenamiento. Consider using a standard authentication mechanism to identify the destination data store.
Justification: DREAD = 2+3+2+2+3 = 12 RIESGO ALTO
Dread- Medium
damage:
Dread- High
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- High
Discoverablity:
Safeguard 1: CORTAFUEGOS
Safeguard 2: COPIAS DE SEGURIDAD DE BASE DE DATOS
Safeguard 3:

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 14/29

28/11/2019 Threat Modeling Report

Interaction: HTTP

45. Potential Lack of Input Validation for Server FTP [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: Data flowing across HTTP may be tampered with by an attacker. This may lead to a denial of service attack against Server FTP or an elevation
of privilege attack against Server FTP or an information disclosure by Server FTP. Failure to verify that input is as expected is a root cause of a
very large number of exploitable issues. Consider all paths and the way they handle data. Verify that all input is verified for correctness using
an approved list input validation approach.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread- Medium
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: ACTUALIZACION DE SOFTWARE
Safeguard 2: AUDITORIA DE REDES
Safeguard 3:

46. Spoofing the Server FTP Process [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Server FTP may be spoofed by an attacker and this may lead to information disclosure by Navegador. Consider using a standard
authentication mechanism to identify the destination process.
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread-damage: High
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: FIREWALL
Safeguard 2: MECANISMO DE AUTENTICACIÓN ESTANDAR
Safeguard 3:

47. Spoofing the Navegador Process [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Navegador may be spoofed by an attacker and this may lead to unauthorized access to Server FTP. Consider using a standard
authentication mechanism to identify the source process.

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 15/29

28/11/2019 Threat Modeling Report
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread-damage: High
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: FIREWALL
Safeguard 2: MECANISMO DE AUTENTICACIÓN ESTANDAR
Safeguard 3:

48. Potential Data Repudiation by Server FTP [State: Mitigation Implemented] [Priority: High]

Category: Repudiation
Description: Server FTP claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: DREAD = 3+3+3+2+2 = 13 RIESGO ALTO
Dread-damage: High
Dread- High
Reproducibility:
Dread- High
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: VALIDACION DE DATOS EXTERNOS
Safeguard 2: REGISTRO DE CUALQUIER ACTIVIDAD DEL SERVIDOR
Safeguard 3:

49. Data Flow Sniffing [State: Mitigation Implemented] [Priority: High]

Category: Information Disclosure

Description: Data flowing across HTTP may be sniffed by an attacker. Depending on what type of data an attacker can read, it may be used to attack other
parts of the system or simply be a disclosure of information leading to compliance violations. Consider encrypting the data flow.
Justification: DREAD = 2+3+2+2+1 = 10 RIESGO MEDIO
Dread- Medium
damage:
Dread- High
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- Low
Discoverablity:
Safeguard 1: POLITICAS DE PRIVILEGIOS DE USUARIOS
Safeguard 2: CORTAFUEGOS
Safeguard 3:

50. Potential Process Crash or Stop for Server FTP [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: Server FTP crashes, halts, stops or runs slowly; in all cases violating an availability metric.
Justification: DREAD = 3+3+3+3+3 = 15 RIESGO ALTO
Dread-damage: High

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 16/29

28/11/2019 Threat Modeling Report
Dread-Reproducibility: High
Dread-Exploitability: High
Dread-Affected users: High
Dread-Discoverablity: High
Safeguard 1: VALIDACION DE DATOS
Safeguard 2: MANEJO DE EXCEPCIONES
Safeguard 3:

51. Data Flow HTTP Is Potentially Interrupted [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

52. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Server FTP may be able to impersonate the context of Navegador in order to gain additional privilege.
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: High
Dread-Discoverablity: Medium
Safeguard 1: VERIFICACIÓN DE PRIVILEGIOS DE USUARIOS
Safeguard 2: PARCHEAR CON LA ULTIMA ACTUALIZACION EL SERVIDOR DE BASE DE DATOS
Safeguard 3:

53. Server FTP May be Subject to Elevation of Privilege Using Remote Code Execution [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Navegador may be able to remotely execute code for Server FTP.
Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: VALIDAR LOS DATOS DEL USUARIO ENVIADOS
Safeguard 2: LIMITAR LA CANTIDAD DE DATOS ENVIADOPS POR EL USUARIO
Safeguard 3:

54. Elevation by Changing the Execution Flow in Server FTP [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: An attacker may pass data into Server FTP in order to change the flow of program execution within Server FTP to the attacker's
choosing.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 17/29
28/11/2019 Threat Modeling Report

Dread- Medium
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: VERIFICACIÓN DE PERMISOS
Safeguard 2: VERIFICACIÓN DE CODIGO FUENTE DE LOS APLICATIVOS
Safeguard 3:

Interaction: HTTP

55. Spoofing the Navegador Process [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Navegador may be spoofed by an attacker and this may lead to information disclosure by Server FTP. Consider using a standard
authentication mechanism to identify the destination process.
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread-damage: High
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: FIREWALL
Safeguard 2: MECANISMO DE AUTENTICACIÓN ESTANDAR
Safeguard 3:

56. Potential Lack of Input Validation for Navegador [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: Data flowing across HTTP may be tampered with by an attacker. This may lead to a denial of service attack against Navegador or an elevation
of privilege attack against Navegador or an information disclosure by Navegador. Failure to verify that input is as expected is a root cause of a
very large number of exploitable issues. Consider all paths and the way they handle data. Verify that all input is verified for correctness using
an approved list input validation approach.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread- Medium
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: ACTUALIZACION DE SOFTWARE
file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 18/29
28/11/2019 Threat Modeling Report

Safeguard 2: AUDITORIA DE REDES

Safeguard 3:

57. Server FTP Process Memory Tampered [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: If Server FTP is given access to memory, such as shared memory or pointers, or is given the ability to control what Navegador executes (for
example, passing back a function pointer.), then Server FTP can tamper with Navegador. Consider if the function could work with less access
to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread- Medium
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: AMPLIACION DE MEMORIA A EQUIPOS
Safeguard 2: VALIDACION DE APLICACIONES INNECESARIAS
Safeguard 3:

58. Replay Attacks [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize
an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread- Medium
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: CORTAFUEGOS
Safeguard 2: MONITOREO DE REDES
Safeguard 3:

59. Collision Attacks [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at
offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before
filtering it, and ensure you explicitly handle these sorts of cases.
Justification: DREAD = 3+3+3+3+3 = 15 RIESGO ALTO
Dread- High
damage:
Dread- High
Reproducibility:
Dread- High
Exploitability:
Dread-Affected High
users:
Dread- High
file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 19/29
28/11/2019 Threat Modeling Report
Discoverablity:
Safeguard 1: SISTEMA DE ALARMAS
Safeguard 2: REPORTES DE ACTIVIDAD SOSPECHOSA DEL SERVIDOR
Safeguard 3: SISTEMA DE RESPALDO

60. Potential Data Repudiation by Navegador [State: Mitigation Implemented] [Priority: High]

Category: Repudiation
Description: Navegador claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: DREAD = 3+3+3+2+2 = 13 RIESGO ALTO
Dread-damage: High
Dread- High
Reproducibility:
Dread- High
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: VALIDACION DE DATOS EXTERNOS
Safeguard 2: REGISTRO DE CUALQUIER ACTIVIDAD DEL SERVIDOR
Safeguard 3:

61. Data Flow Sniffing [State: Mitigation Implemented] [Priority: High]

Category: Information Disclosure

62. Weak Authentication Scheme [State: Mitigation Implemented] [Priority: High]

Category: Information Disclosure

Description: Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential
equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system.
Consider the impact and potential mitigations for your custom authentication scheme.
Justification: DREAD = 2+3+2+2+1 = 10 RIESGO MEDIO
Dread- Medium
damage:
Dread- High
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 20/29

28/11/2019 Threat Modeling Report
Dread- Low
Discoverablity:
Safeguard 1: POLITICAS DE PRIVILEGIOS DE USUARIOS
Safeguard 2: CORTAFUEGOS
Safeguard 3:

63. Potential Process Crash or Stop for Navegador [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: Navegador crashes, halts, stops or runs slowly; in all cases violating an availability metric.
Justification: DREAD = 1+2+2+2+2 = 9 RIESGO MEDIO
Dread-damage: Low
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: OPTIMIZACIÓN DE CONSULTAS A LA BASE DE DATOS
Safeguard 2: ACTUALIZACION DE NAVEGADOR
Safeguard 3:

64. Data Flow HTTP Is Potentially Interrupted [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

65. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Navegador may be able to impersonate the context of Server FTP in order to gain additional privilege.
Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: VALIDAR LOS DATOS DEL USUARIO ENVIADOS
Safeguard 2: LIMITAR LA CANTIDAD DE DATOS ENVIADOPS POR EL USUARIO
Safeguard 3:

66. Navegador May be Subject to Elevation of Privilege Using Remote Code Execution [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Server FTP may be able to remotely execute code for Navegador.
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: High
file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 21/29
28/11/2019 Threat Modeling Report

Dread-Discoverablity: Medium
Safeguard 1: VERIFICACIÓN DE PRIVILEGIOS DE USUARIOS
Safeguard 2: PARCHEAR CON LA ULTIMA ACTUALIZACION EL SERVIDOR DE BASE DE DATOS
Safeguard 3:

67. Elevation by Changing the Execution Flow in Navegador [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: An attacker may pass data into Navegador in order to change the flow of program execution within Navegador to the attacker's
choosing.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: VERIFICACIÓN DE PERMISOS
Safeguard 2: VERIFICACIÓN DE CODIGO FUENTE DE LOS APLICATIVOS
Safeguard 3:

Interaction: IPsec

68. Spoofing of Destination Data Store SQL Database [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: SQL Database may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of SQL Database.
Consider using a standard authentication mechanism to identify the destination data store.
Justification: DREAD = 2+3+2+2+3 = 12 RIESGO ALTO
Dread- Medium
damage:
Dread- High
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- High
Discoverablity:
Safeguard 1: CORTAFUEGOS
Safeguard 2: COPIAS DE SEGURIDAD DE BASE DE DATOS
Safeguard 3: AUTENTICACIÓN DE USUARIOS

69. Potential SQL Injection Vulnerability for SQL Database [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and
execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 22/29

28/11/2019 Threat Modeling Report
syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
Justification: DREAD = 3+2+2+2+2 = 11 RIESGO MEDIO
Dread- High
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: ACTUALIZACIÓN DEL MOTOR DE BASE DE DATOS
Safeguard 2: VERIFICACIÓN DE CODIGO FUENTE DE LA APLICACIÓN WEB
Safeguard 3:

70. Potential Excessive Resource Consumption for Server SQL or SQL Database [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

Description: Does Server SQL or SQL Database take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal
with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do
timeout.
Justification: DREAD = 1+2+2+2+2 = 9 RIESGO MEDIO
Dread- Low
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: OPTIMIZACIÓN DE CONSULTAS A LA BASE DE DATOS
Safeguard 2: CREAR INDICIES PARA LA OPTIMIZACIÓN DE LAS CONSULTAS
Safeguard 3:

Interaction: IPsec

71. Cross Site Request Forgery [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 23/29

28/11/2019 Threat Modeling Report
site under control of the attacker, getting the user to click a link in a phishing email, or hacking a reputable web site that the victim will visit.
The issue can only be resolved on the server side by requiring that all authenticated state-changing requests include an additional piece of
secret payload (canary or CSRF token) which is known only to the legitimate web site and the browser and which is protected in transit
through SSL/TLS. See the Forgery Protection property on the flow stencil for a list of mitigations.
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread- High
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: NO USAR LA SUPLANTACIÓN
Safeguard 2: MINIMO DE PERMISOS PARA USUARIOS
Safeguard 3:

72. Elevation by Changing the Execution Flow in Server HTTP [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: An attacker may pass data into Server HTTP in order to change the flow of program execution within Server HTTP to the attacker's
choosing.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected Medium
users:
Dread-Discoverablity: Medium
Safeguard 1: VERIFICACIÓN DE PERMISOS
Safeguard 2: VERIFICACIÓN DE CODIGO FUENTE DE LOS APLICATIVOS
Safeguard 3:

73. Server HTTP May be Subject to Elevation of Privilege Using Remote Code Execution [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Navegador may be able to remotely execute code for Server HTTP.
Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: VALIDAR LOS DATOS DEL USUARIO ENVIADOS
Safeguard 2: LIMITAR LA CANTIDAD DE DATOS ENVIADOPS POR EL USUARIO
Safeguard 3:

74. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Server HTTP may be able to impersonate the context of Navegador in order to gain additional privilege.
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: Medium

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 24/29

28/11/2019 Threat Modeling Report
Dread-Affected users: High
Dread-Discoverablity: Medium
Safeguard 1: VERIFICACIÓN DE PRIVILEGIOS DE USUARIOS
Safeguard 2: PARCHEAR CON LA ULTIMA ACTUALIZACION EL SERVIDOR DE BASE DE DATOS
Safeguard 3:

75. Data Flow IPsec Is Potentially Interrupted [State: Mitigation Implemented] [Priority: High]

Category: Denial Of Service

76. Potential Process Crash or Stop for Server HTTP [State: Mitigation Implemented] [Priority: High]

77. Potential Data Repudiation by Server HTTP [State: Mitigation Implemented] [Priority: High]

Category: Repudiation
Description: Server HTTP claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the
source, time, and summary of the received data.
Justification: DREAD = 3+3+3+2+2 = 13 RIESGO ALTO
Dread-damage: High
Dread- High
Reproducibility:
Dread- High
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: VALIDACION DE DATOS EXTERNOS
Safeguard 2: DESINFECCION DE ARCHIVOS ANTES DE SUBIRLOS
Safeguard 3:

Interaction: Proceso

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 25/29

28/11/2019 Threat Modeling Report

78. Spoofing the Talento Humano External Entity [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Talento Humano may be spoofed by an attacker and this may lead to unauthorized access to Equipo Cliente. Consider using a standard
authentication mechanism to identify the external entity.
Justification: DREAD = 3+3+3+3+3 = 15 RIESGO ALTO
Dread-damage: High
Dread- High
Reproducibility:
Dread- High
Exploitability:
Dread-Affected High
users:
Dread- High
Discoverablity:
Safeguard 1: MECANISMO DE AUTENTICACIÓN ESTANDAR
Safeguard 2: FIREWALL
Safeguard 3:

79. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Equipo Cliente may be able to impersonate the context of Talento Humano in order to gain additional privilege.
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread-damage: High
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: High
Dread-Discoverablity: Medium
Safeguard 1: NO USAR LA SUPLANTACIÓN
Safeguard 2: MINIMO DE PERMISOS PARA USUARIOS
Safeguard 3:

Interaction: Procesos

80. Spoofing the Human User External Entity [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: Human User may be spoofed by an attacker and this may lead to unauthorized access to Browser Client. Consider using a standard
authentication mechanism to identify the external entity.

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 26/29

28/11/2019 Threat Modeling Report
Justification: DREAD = 3+2+2+3+2 = 12 RIESGO ALTO
Dread-damage: Medium
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium
Discoverablity:
Safeguard 1: AUTENTICACION DOS FACTORES
Safeguard 2: MEJORA METODOS DE AUTENTICACIÓN
Safeguard 3:

81. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Browser Client may be able to impersonate the context of Human User in order to gain additional privilege.
Justification: DREAD = 2+2+2+2+2 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Medium
Dread-Discoverablity: Medium
Safeguard 1: POLITICAS DE AUTENTICACIÓN DE USUARIOS
Safeguard 2: AUDITORIA DE SESIONES DE USUARIOS
Safeguard 3:

82. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Navegador may be able to impersonate the context of Equipo Cliente in order to gain additional privilege.
Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: VALIDAR LOS DATOS DEL USUARIO ENVIADOS
Safeguard 2: LIMITAR LA CANTIDAD DE DATOS ENVIADOPS POR EL USUARIO
Safeguard 3:

83. Equipo Cliente Process Memory Tampered [State: Mitigation Implemented] [Priority: High]

Category: Tampering
Description: If Equipo Cliente is given access to memory, such as shared memory or pointers, or is given the ability to control what Navegador executes
(for example, passing back a function pointer.), then Equipo Cliente can tamper with Navegador. Consider if the function could work with less
access to memory, such as passing data rather than pointers. Copy in data provided, and then validate it.
Justification: DREAD = 2+2+2+3+2 = 11 RIESGO MEDIO
Dread- Medium
damage:
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected High
users:
Dread- Medium

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 27/29

28/11/2019 Threat Modeling Report
Discoverablity:
Safeguard 1: AMPLIACION DE MEMORIA A EQUIPOS
Safeguard 2: VALIDACION DE APLICACIONES INNECESARIAS
Safeguard 3:

Interaction: Respuesta

84. Spoofing of Source Data Store SQL Database [State: Mitigation Implemented] [Priority: High]

Category: Spoofing
Description: SQL Database may be spoofed by an attacker and this may lead to incorrect data delivered to Server SQL. Consider using a standard
authentication mechanism to identify the source data store.
Justification: DREAD = 3+2+2+2+2 = 11 RIESGO MEDIO
Dread-damage: High
Dread- Medium
Reproducibility:
Dread- Medium
Exploitability:
Dread-Affected Medium
users:
Dread- Medium
Discoverablity:
Safeguard 1: PRIVILEGIOS DE USUARIOS DEL SERVIDOR DE BASE DE DATOS
Safeguard 2: COPIAS DE SEGURIDAD BASE DE DATOS
Safeguard 3:

85. Weak Access Control for a Resource [State: Mitigation Implemented] [Priority: High]

Category: Information Disclosure

Description: Improper data protection of SQL Database can allow an attacker to read information not intended for disclosure. Review authorization
settings.
Justification: DREAD = 2+3+2+2+1 = 10 RIESGO MEDIO
Dread-damage: Medium
Dread- High
Reproducibility:
Dread-Exploitability: Medium
Dread-Affected Medium
users:
Dread- Low
Discoverablity:
Safeguard 1: VERIFICACIÓN DE PERMISOS DE USUARIOS O GRUPOS
Safeguard 2: CORTAFUEGOS
Safeguard 3:

Interaction: Respuesta

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 28/29

28/11/2019 Threat Modeling Report

86. Elevation Using Impersonation [State: Mitigation Implemented] [Priority: High]

Category: Elevation Of Privilege

Description: Equipo Cliente may be able to impersonate the context of Navegador in order to gain additional privilege.
Justification: DREAD = 2+2+2+1+2 = 9 RIESGO MEDIO
Dread-damage: Medium
Dread-Reproducibility: Medium
Dread-Exploitability: Medium
Dread-Affected users: Low
Dread-Discoverablity: Medium
Safeguard 1: VALIDAR LOS DATOS DEL USUARIO ENVIADOS
Safeguard 2: LIMITAR LA CANTIDAD DE DATOS ENVIADOPS POR EL USUARIO
Safeguard 3:

87. Memoria del proceso Navegador manipulada [Estado: Mitigación implementada] [Prioridad: Alta]

Categoría: Manipulación
Descripción: Si se le da acceso a Navegador a la memoria, como memoria compartida o punteros, o se le da la capacidad de controlar lo que ejecuta
Equipo Cliente (por ejemplo, pasar un puntero de función), entonces Navegador puede manipular al Equipo Cliente. Considere si la función
podría funcionar con menos acceso a la memoria, como pasar datos en lugar de punteros. Copie los datos proporcionados y luego
valídelos.
Justificación: DREAD = 2 + 2 + 2 + 3 + 2 = 11 RIESGO MEDIO
Daño aterrador: Medio
Reproducibilidad Medio
temible:
Explotabilidad Medio
temible:
Usuarios Alto
afectados por el
temor:
Pavor- Medio
Discoverablity:
Salvaguarda 1: AMPLIACION DE MEMORIA A EQUIPOS
Salvaguarda 2: VALIDACION DE APLICACIONES INNECESARIAS
Salvaguarda 3:

file:///C:/Users/norca/Desktop/UNAD3/RIESGOS Y CONTROL INFORMATICO/Fase 4/Reporte.htm 29/29

También podría gustarte

1-Fase 4 - Realizar Actividad Práctica de Modelado de Amenazas.
67% (3)
1-Fase 4 - Realizar Actividad Práctica de Modelado de Amenazas.
40 páginas
Fase 5 - Sustentación Colaborativa
100% (1)
Fase 5 - Sustentación Colaborativa
13 páginas
Aporte 1 Fase 3
Aún no hay calificaciones
Aporte 1 Fase 3
10 páginas
Modelado de Amenazas en Librería Online
Aún no hay calificaciones
Modelado de Amenazas en Librería Online
29 páginas
Análisis de Riesgos en Ciberseguridad
Aún no hay calificaciones
Análisis de Riesgos en Ciberseguridad
14 páginas
Trabajo Colaborativo V6
Aún no hay calificaciones
Trabajo Colaborativo V6
21 páginas
Vulnerabilidades en Aplicaciones Web
Aún no hay calificaciones
Vulnerabilidades en Aplicaciones Web
9 páginas
Fase 1 - Angella Yepez Ortega
Aún no hay calificaciones
Fase 1 - Angella Yepez Ortega
16 páginas
Modelado de Amenazas en Aplicaciones Web
0% (1)
Modelado de Amenazas en Aplicaciones Web
6 páginas
Actividad - Individual - Fase2 - Henry - Fonseca - PLANIFICACIÓN DE ESQUEMAS DE DETECCIÓN Y GESTIÓN DE ATAQUES
Aún no hay calificaciones
Actividad - Individual - Fase2 - Henry - Fonseca - PLANIFICACIÓN DE ESQUEMAS DE DETECCIÓN Y GESTIÓN DE ATAQUES
10 páginas
Fase 3 - 219017 - 2
Aún no hay calificaciones
Fase 3 - 219017 - 2
89 páginas
Auditoría de Seguridad Informática Empresarial
Aún no hay calificaciones
Auditoría de Seguridad Informática Empresarial
4 páginas
Evaluación de Seguridad en Redes
Aún no hay calificaciones
Evaluación de Seguridad en Redes
17 páginas
Andres Sanchez Trabajo Metodologias Modelado Amenazas
Aún no hay calificaciones
Andres Sanchez Trabajo Metodologias Modelado Amenazas
5 páginas
Tipos de Amenazas de Seguridad Informática
Aún no hay calificaciones
Tipos de Amenazas de Seguridad Informática
24 páginas
Identificación de Vulnerabilidades TI
Aún no hay calificaciones
Identificación de Vulnerabilidades TI
13 páginas
Seguridad en Redes de Banda Ancha
Aún no hay calificaciones
Seguridad en Redes de Banda Ancha
18 páginas
Análisis de Riesgos en Ciberseguridad
Aún no hay calificaciones
Análisis de Riesgos en Ciberseguridad
24 páginas
Minimización de riesgos de njRAT
Aún no hay calificaciones
Minimización de riesgos de njRAT
9 páginas
Tarea 2 Introduccion A La Seguridad
Aún no hay calificaciones
Tarea 2 Introduccion A La Seguridad
37 páginas
Equipos Estratégicos en Ciberseguridad
Aún no hay calificaciones
Equipos Estratégicos en Ciberseguridad
19 páginas
Reglas Snort para Detección de Intrusos
100% (3)
Reglas Snort para Detección de Intrusos
2 páginas
Actividad 2 Amenazas y Vulnerabilidades
Aún no hay calificaciones
Actividad 2 Amenazas y Vulnerabilidades
11 páginas
Pre-auditoría SGSI en Institución Educativa
Aún no hay calificaciones
Pre-auditoría SGSI en Institución Educativa
10 páginas
Santiago Félix Alejandro Elaboración de Una Norma de Seguridaad
Aún no hay calificaciones
Santiago Félix Alejandro Elaboración de Una Norma de Seguridaad
15 páginas
Muciber02 Act1
100% (1)
Muciber02 Act1
2 páginas
Análisis de Ataques Cibernéticos APT
100% (1)
Análisis de Ataques Cibernéticos APT
23 páginas
Tema 6
100% (1)
Tema 6
5 páginas
Herramienta para Análisis de Riesgos
Aún no hay calificaciones
Herramienta para Análisis de Riesgos
54 páginas
Nist SP 800-39 Esp
Aún no hay calificaciones
Nist SP 800-39 Esp
88 páginas
Gobierno y Análisis de Ciberseguridad
Aún no hay calificaciones
Gobierno y Análisis de Ciberseguridad
28 páginas
Gestión de Riesgos en TV Peruana
Aún no hay calificaciones
Gestión de Riesgos en TV Peruana
18 páginas
Actividad 4 - Analisis de Escenarios
Aún no hay calificaciones
Actividad 4 - Analisis de Escenarios
19 páginas
Fase 2 - Grupo219017 - 2
Aún no hay calificaciones
Fase 2 - Grupo219017 - 2
33 páginas
Implementación del SGSI en RTT Ibérica
Aún no hay calificaciones
Implementación del SGSI en RTT Ibérica
12 páginas
Realización de Un EDR o ROA
Aún no hay calificaciones
Realización de Un EDR o ROA
10 páginas
Análisis de Riesgos en Formatech
Aún no hay calificaciones
Análisis de Riesgos en Formatech
7 páginas
Actividad 3-AARR
Aún no hay calificaciones
Actividad 3-AARR
16 páginas
Plan de Auditoría de Seguridad TI
Aún no hay calificaciones
Plan de Auditoría de Seguridad TI
5 páginas
Ataques Pasivos y Activos en Informática
0% (1)
Ataques Pasivos y Activos en Informática
8 páginas
Retos de seguridad en IPsec e IPv6
Aún no hay calificaciones
Retos de seguridad en IPsec e IPv6
1 página
Ciberseguridad en Colombia: Retos y Estrategias
Aún no hay calificaciones
Ciberseguridad en Colombia: Retos y Estrategias
10 páginas
Marco MITRE ATT&CK y Vulnerabilidades WiFi
Aún no hay calificaciones
Marco MITRE ATT&CK y Vulnerabilidades WiFi
4 páginas
Modelo de Prevención en Ciberseguridad
Aún no hay calificaciones
Modelo de Prevención en Ciberseguridad
14 páginas
Fase 2 - Aplicación de Metodologías para La Recolección de Información
Aún no hay calificaciones
Fase 2 - Aplicación de Metodologías para La Recolección de Información
23 páginas
Test Tema 7. Gobierno y Gesti N de La Funci N de Auditor A Revisi N Del Intento UNIR PDF
100% (1)
Test Tema 7. Gobierno y Gesti N de La Funci N de Auditor A Revisi N Del Intento UNIR PDF
5 páginas
Análisis de Ataques Cibernéticos APT
Aún no hay calificaciones
Análisis de Ataques Cibernéticos APT
18 páginas
Esquemas de Detección de Ataques Informáticos
Aún no hay calificaciones
Esquemas de Detección de Ataques Informáticos
12 páginas
Tema 10 - Seg en Sist App y Big Data
Aún no hay calificaciones
Tema 10 - Seg en Sist App y Big Data
46 páginas
Control Interno en Auditoría de Sistemas
Aún no hay calificaciones
Control Interno en Auditoría de Sistemas
11 páginas
Gestion Riesgo Organizacion Parte1
Aún no hay calificaciones
Gestion Riesgo Organizacion Parte1
18 páginas
Actividad3 Análisis de Un Dispositivo Móvil
Aún no hay calificaciones
Actividad3 Análisis de Un Dispositivo Móvil
5 páginas
Cual Es El Rol Actual Del CISO en Las Organizaciones Debido Al Coronavirus
Aún no hay calificaciones
Cual Es El Rol Actual Del CISO en Las Organizaciones Debido Al Coronavirus
3 páginas
Test Tema 10. Auditorías de Cumplimiento y Metodologías de Auditoría
100% (1)
Test Tema 10. Auditorías de Cumplimiento y Metodologías de Auditoría
4 páginas
Actividad 2 (Individual) - OSINT. Información en Fuentes Abiertas
Aún no hay calificaciones
Actividad 2 (Individual) - OSINT. Información en Fuentes Abiertas
2 páginas
Guía Básica de RPO, RTO, WRT y MTD
Aún no hay calificaciones
Guía Básica de RPO, RTO, WRT y MTD
5 páginas
Revisión del SGSI en RTT Ibérica
Aún no hay calificaciones
Revisión del SGSI en RTT Ibérica
47 páginas
Modelado de Amenazas Digitales
Aún no hay calificaciones
Modelado de Amenazas Digitales
35 páginas
Medidas de Prevención de Vulnerabilidades
Aún no hay calificaciones
Medidas de Prevención de Vulnerabilidades
6 páginas
Modelando Amenazas en Seguridad Informática
Aún no hay calificaciones
Modelando Amenazas en Seguridad Informática
13 páginas
Instalación y Pros/Contras de Avast
100% (1)
Instalación y Pros/Contras de Avast
8 páginas
Laboratorio 01 Kali Linux Metasploitable
Aún no hay calificaciones
Laboratorio 01 Kali Linux Metasploitable
42 páginas
Test de Penetración en Redes IPv4
Aún no hay calificaciones
Test de Penetración en Redes IPv4
3 páginas
U1A1 Taller Fundamentos de Criptografia.
Aún no hay calificaciones
U1A1 Taller Fundamentos de Criptografia.
8 páginas
Herramientas Clave para Auditorías de Redes
Aún no hay calificaciones
Herramientas Clave para Auditorías de Redes
10 páginas
Informe sobre Ciberseguridad en 2021
Aún no hay calificaciones
Informe sobre Ciberseguridad en 2021
16 páginas
Diagnóstico de Madurez en Ciberseguridad
Aún no hay calificaciones
Diagnóstico de Madurez en Ciberseguridad
8 páginas
Resumen GRUPO 4
Aún no hay calificaciones
Resumen GRUPO 4
4 páginas
Nuevas Direcciones en Criptografía
Aún no hay calificaciones
Nuevas Direcciones en Criptografía
5 páginas
FortiSRA - Webinar ESP
Aún no hay calificaciones
FortiSRA - Webinar ESP
30 páginas
Requisitos Documentales de PCI DSS
Aún no hay calificaciones
Requisitos Documentales de PCI DSS
7 páginas
Fundamentos de Seguridad Mta 16-399 PDF
0% (1)
Fundamentos de Seguridad Mta 16-399 PDF
200 páginas
Actividad 2. Análisis Estático 15 Código de Una Aplicación Grupal
Aún no hay calificaciones
Actividad 2. Análisis Estático 15 Código de Una Aplicación Grupal
27 páginas
Definición y significado de hacker
Aún no hay calificaciones
Definición y significado de hacker
2 páginas
Seguridad de Contraseñas y MFA
Aún no hay calificaciones
Seguridad de Contraseñas y MFA
17 páginas
Troyano Net Bus: Análisis y Funcionamiento
Aún no hay calificaciones
Troyano Net Bus: Análisis y Funcionamiento
6 páginas
Ciberguerra: Amenazas y Vulnerabilidades
Aún no hay calificaciones
Ciberguerra: Amenazas y Vulnerabilidades
2 páginas
Tripulantes Temarios Informáticos
Aún no hay calificaciones
Tripulantes Temarios Informáticos
1 página
Curso de Seguridad Informática Integral
Aún no hay calificaciones
Curso de Seguridad Informática Integral
10 páginas
Evaluación Del Capítulo 5 - Attempt Review
Aún no hay calificaciones
Evaluación Del Capítulo 5 - Attempt Review
10 páginas
Cuestionario de Seguridad: Malos Actores
Aún no hay calificaciones
Cuestionario de Seguridad: Malos Actores
2 páginas
Guia para Estar Seguro en Instagram
Aún no hay calificaciones
Guia para Estar Seguro en Instagram
9 páginas
Guía de Criptografía y Seguridad Informática
100% (2)
Guía de Criptografía y Seguridad Informática
11 páginas
Actividad Individual Tipos Delictivos
Aún no hay calificaciones
Actividad Individual Tipos Delictivos
12 páginas
V2: Requisitos de Verificación de Autenticación
Aún no hay calificaciones
V2: Requisitos de Verificación de Autenticación
5 páginas
Criptografía con Matrices
Aún no hay calificaciones
Criptografía con Matrices
13 páginas
Historia y fundamentos de la criptografía
Aún no hay calificaciones
Historia y fundamentos de la criptografía
256 páginas
Examen Cisco 2 Completo
Aún no hay calificaciones
Examen Cisco 2 Completo
4 páginas
Estrategianalciberseguridad Edgarespinosa
Aún no hay calificaciones
Estrategianalciberseguridad Edgarespinosa
32 páginas
Tecnicas Criptograficas de Proteccion de Datos
0% (2)
Tecnicas Criptograficas de Proteccion de Datos
2 páginas