Read the book Alice and Bob Learn Application Security - Tanya Janca - Page 11
Insider Threats
An insider threat is someone with authorized access to your systems, network, and data (usually an employee or consultant) who negatively affects one or more of the CIA aspects (confidentiality, integrity, availability) of those systems, data, and/or network. This can be malicious (on purpose) or accidental.
Here are some examples of malicious threats and the parts of the CIA Triad they affect:
An employee downloading intellectual property onto a portable drive, leaving the building, and then selling the information to your competitors (confidentiality)
An employee deleting a database and its backup on their last day of work because they are angry that they were dismissed (availability)
An employee programming a back door into a system so they can steal from your company (integrity and confidentiality)
An employee downloading sensitive files from another employee’s computer and using them for blackmail (confidentiality)
An employee accidentally deleting files, then changing the logs to cover their mistake (integrity and availability)
An employee not reporting a vulnerability to management in order to avoid the work of fixing it (potentially all three, depending upon the type of vulnerability)
Here are some examples of accidental threats and the parts of the CIA Triad they affect:
Employees using software improperly, causing it to fall into an unknown state (potentially all three)
An employee accidentally deleting valuable data, files, or even entire systems (availability)
An employee accidentally misconfiguring software, the network, or other infrastructure in a way that introduces security vulnerabilities (potentially all three)
An inexperienced employee pointing a web proxy or dynamic application security testing (DAST) tool at one of your internal applications, crashing the application (availability) or polluting its database with test payloads (integrity). We will cover how to avoid this in later chapters, to ensure all of your security testing is performed safely and against environments that can tolerate it.
WARNING Web proxy software and DAST tools are generally forbidden on professional work networks. Also known as "web app scanners," these tools are attacker tooling: they send deliberately malformed and malicious requests and can cause great damage to an application that was not prepared for them. Never point a web app scanner at a website or application and perform active scanning or other interactive testing without permission. It must be written permission, from someone with the authority to give it, and it must state exactly which hosts and applications are in scope. Using a DAST tool to interact with a site on the internet without permission is a criminal act in many countries. Be careful, and when in doubt, always ask before you start.
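As an added example (not code from the book), the kind of pre-flight scope check a scanner wrapper can run before any active testing, so that a target outside the written authorization is refused rather than scanned. The scope list format (exact hosts, wildcard subdomains, CIDR ranges), the sample entries, and the function names are assumptions made for illustration:

```python
"""Pre-flight scope check to run before any active DAST scan.

Added example, not from the book. It refuses to proceed unless the
target's host falls inside an explicitly authorized scope. The scope
format (host patterns and CIDRs) is an assumption for illustration.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample scope, as copied from a signed authorization letter
# (hypothetical names and ranges).
AUTHORIZED_SCOPE = [
    "app.example.test",        # exact hostname only
    "*.staging.example.test",  # any subdomain, not the bare domain
    "10.20.30.0/24",           # lab address range
]


def _host_matches(host: str, pattern: str) -> bool:
    """Case-insensitive exact or wildcard-subdomain match."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # "*.staging.example.test" matches "a.staging.example.test"
        # but not "staging.example.test" itself.
        return host.endswith(pattern[1:])
    return host == pattern


def _ip_matches(host: str, pattern: str) -> bool:
    """True if host is an IP literal inside the CIDR pattern."""
    try:
        ip = ipaddress.ip_address(host)
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        # Host is a name, or the pattern is not a CIDR: no IP match.
        return False
    return ip in net


def in_scope(target_url: str, scope=AUTHORIZED_SCOPE) -> bool:
    """Return True only if the URL is http(s) and its host is authorized."""
    parts = urlsplit(target_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname
    return any(_host_matches(host, p) or _ip_matches(host, p) for p in scope)


def require_scope(target_url: str, scope=AUTHORIZED_SCOPE) -> str:
    """Gate to call before starting an active scan.

    Raises PermissionError for anything outside the authorized scope
    instead of letting the scanner touch it.
    """
    if not in_scope(target_url, scope):
        raise PermissionError(
            f"{target_url} is not in the authorized scope; "
            "obtain written permission before scanning"
        )
    return target_url


if __name__ == "__main__":
    for url in ("https://app.example.test/login", "https://example.com/"):
        try:
            print("allowed:", require_scope(url))
        except PermissionError as exc:
            print("refused:", exc)
```

The check matches on the parsed hostname, so lookalike hosts such as app.example.test.attacker.example do not pass, and a port or path on an in-scope host does not change the result. Keep the scope list under the same change control as the authorization letter it was copied from.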