Proactive Threat Mitigation with Threat Modeler: Securing APIs and authentication

Transcript

1. C L O U D N A T I V

   E D A Y S 2 0 2 5 P R O A C T I V E T H R E A T M I T I G A T I O N W I T H T H R E A T M O D E L E R : S E C U R I N G A P I S A N D A U T H E N T I C A T I O N I N A Z U R E A D E L I N A S T A N C I U S E N I O R E N G I N E E R I N G M A N A G E R A T F I N A S T R A

2. A B O U T M E • Over 15

   years of software development experience. • Leading teams across finance, e- commerce, and cybersecurity. • Designed, developed and deployed scalable applications. • Independent trainer passionate about sharing knowledge. • Proficient in project planning and stakeholder coordination. 5 / 5 / 2 0 2 5 2

3. O V E R V I E W 5 /

   5 / 2 0 2 5 3 Actionable insights for reducing security risk in cloud-native environments •Common vulnerabilities in cloud-native applications •Securing APIs: authentication, encryption, and access control •Azure-native solutions for managing security •Azure tools like Azure key vault and Azure API Management can help manage sensitive information. •Real-world examples and mitigation strategies Key Topics:

4. C O M M O N C L O U

   D S E C U R I T Y T H R E AT S 5 / 5 / 2 0 2 5 4 Authentication abuse - due to weak or reused credentials can lead to security breaches. Malicious insiders - pose risks through unauthorized data access or modifications. Insecure APIs and interfaces - create vulnerabilities in systems. Cloud-native environments require a focus on unique patterns and threats in Azure.

5. C O N T E X T 5 / 5

   / 2 0 2 5 5 The security and dependability of cloud services depend on safeguarding the API. Weak interfaces and API security issues can threaten confidentiality, integrity, availability, and accountability. APIs are often the most vulnerable part of the system, usually accessible through the public Internet. Threat modelling for applications and systems is vital in the Software Development Life Cycle (SDLC). Conduct security-oriented code reviews, security scans, and penetration testing.

6. T H R E AT M O D E L

   E R - S D L C Initial fast solution using Chase API for credit card payments • Implied handling sensitive data • PCI audits not accounted for • Security concerns underestimated • Course correction • Fully compliant PCI audited solution • Integration using iFrame Apply Threat Modeler early in SDLC during design phase 5 / 5 / 2 0 2 5 6

7. U N D E R S T A N D

   I N G A U T H E N T I C A T I O N A B U S E • Authentication Abuse exploits weaknesses in authentication mechanisms. • Attackers manipulate sequences to gain unauthorized access. • Distinction between Authentication Abuse and Bypass is crucial. • Assumptions in trust relationships can be exploited. • Does not rely on established user sessions. 5 / 5 / 2 0 2 5 7

8. M I T I G AT I O N A

   U T H E N T I C AT I O N A B U S E 5 / 5 / 2 0 2 5 8 Implement Multi-Factor Authentication to enhance security. Strong password policies are essential to prevent easy guessing. Regular penetration testing helps identify vulnerabilities.

9. M I T I G A T I O N

   A U T H E N T I C A T I O N A B U S E A Z U R E Azure API/Azure Web Apps • Authenticate Apps using Auth Strategies • Disable remote debugging for Apps • Ensure that all communications between Azure and your apps are SSL encrypted 5 / 5 / 2 0 2 5 9 Azure DB/Azure Redis Cache • Ensure that all communications between Azure and your apps are SSL encrypted

10. U N D E R S T A N D

    I N G I N S I D E R T H R E A T S • Insider threats can originate from employees, contractors, or partners. • Motivations include data theft, revenge, or sabotage. • Cloud environments are particularly vulnerable to insider attacks. • Organizations must control encryption and access rights effectively. • Effective logging and monitoring can identify potential malicious activities. 5 / 5 / 2 0 2 5 10

11. M I T I G A T I N G

    I N S I D E R T H R E A T S : B E S T P R A C T I C E S • Segregate duties to limit access and reduce risks. • Change management approval system, CAB • Implement effective logging and monitoring for activities. • Train employees on recognizing insider threats. • Establish a clear incident response plan. 5 / 5 / 2 0 2 5 11

12. M I T I G A T I N G

    I N S I D E R T H R E A T S A Z U R E Azure Web APP • Always use FTPS when using FTP • Authenticate Apps using Auth Strategies Restrict IPs for Apps • Use SSL Certificates Azure Web APP Service • Reference Secrets from Key Vault • Restrict IPs for Apps Azure DB • Enable database auditing Open • Ensure that alerts are configured to be sent to the appropriate personal • Ensure that Auditing Retention is greater than 90 days Open • Restrict access to Azure SQL DB using Firewall Rules Open • Send email notification to admins and subscription owners 5 / 5 / 2 0 2 5 12

13. A P I A U T H E N T

    I C A T I O N - B E S T P R A C T I C E S 0 5 / 0 5 / 2 0 2 5 13 AUTH Enforce strong authentication (OAuth 2.0, OpenID Connect, JWT) RETRY Implement Max Retry for failed authentication requests. LIMIT Set a limit on consecutive failed attempts to enhance security. CONTROL Use rate control mechanisms to prevent abuse. BLOCKING Incorporate auto blocking and unblocking procedures for security.

14. B E S T P R A C T I

    C E S F O R J W T S E C U R I T Y • Use a complex, random key for JWT secrets to prevent brute force attacks. • Do not extract algorithms from headers; enforce them server-side. • Shorten token expiration times for enhanced security. • Avoid storing sensitive data in JWT payloads. • Limit the number of fields in the JWT payload. 5 / 5 / 2 0 2 5 14

15. D E S I G N C O N S

    I D E R A T I O N S F O R S E C U R E A P I S • Sensitive data should never be logged in API log files. • Avoid including back-doors or maintenance hooks in APIs. • For large data processing, use Workers and Queues effectively. • Fast response times can prevent HTTP Blocking issues (async, caching, limit payload) 5 / 5 / 2 0 2 5 15

16. A P I C O M M U N I

    C AT I O N B E S T P R A C T I C E S 0 5 / 0 5 / 2 0 2 5 16 Route all API calls through the API Gateway for security. Restrict access to private APIs from whitelisted IPs only. Never expose Admin or internal API endpoints externally. Ensure proper management of microservice API communications.

17. P R O C E S S A N D

    G O V E R N A N C E F O R A P I S E C U R I T Y 5 / 5 / 2 0 2 5 17 Complete an API data classification exercise annually for better security. Integrate SAST, DAST, SCA scans into your CI/CD pipeline. Ensure all APIs are properly documented with Swagger specifications. API testing collections Include dependency information in API documentation for transparency.

18. I N T E G R A T I N

    G S A S T I N T O T H E C I / C D P I P E L I N E • Integrating both tools into the CI/CD pipeline enhances overall security posture. • Automated scans can provide immediate feedback to developers during coding phases. • Regular updates and scans ensure ongoing security compliance. 5 / 5 / 2 0 2 5 18

19. I N T E G R A T I N

    G S C A I N T O T H E C I / C D P I P E L I N E 5 / 5 / 2 0 2 5 19

20. B E S T P R A C T I

    C E S F O R A P I C O D I N G • APIs must log all sensitive operations and transactions. • Avoid hard-coded secrets or credentials in code. • Utilise UUIDs instead of auto-increment IDs for better security. • Employ the correct HTTP methods for respective operations. • Encrypt all sensitive data as per data classification standards. 5 / 5 / 2 0 2 5 20

21. A Z U R E T O O L S

    F O R S E C U R E A P I M A N A G E M E N T Azure API Management - Enhances API security through exposure controls. - It enforces policies like rate limits, CORS, and JWT validation. Azure Key Vault - Provides centralized management for secrets and keys. - It integrates securely with APIs for configuration management. 5 / 5 / 2 0 2 5 21

22. S E T T I N G U P A

    Z U R E A P I M A N A G E M E N T 5 / 5 / 2 0 2 5 22 Create Azure API, Set up an Azure API Management instance, Link APIM to API

23. D E F I N E S E C U

    R E A P I E N D P O I N T S 5 / 5 / 2 0 2 5 23 • Define API endpoints and apply security policies for authentication. • Add Inbound policy <choose> <when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify() || ! <return-response> <set-status code="403" reason="Invalid client certificate" /> </return-response> </when>

24. I N B O U N D S E C

    U R I T Y P O L I C I E S A P I M 5 / 5 / 2 0 2 5 24

25. M A N A G I N G C L

    I E N T C E R T I F I C A T E S 5 / 5 / 2 0 2 5 25 • APIM->Certificates: the custom certificate used for client authentication must be added to the "Certificates" tab • APIM->custom domains

26. A P I M C O N F I G

    A N D S E C U R I T Y 5 / 5 / 2 0 2 5 26

27. A P I M P R O T O C

    O L S 5 / 5 / 2 0 2 5 27

28. C O N F I G U R I N

    G A Z U R E K E Y V A U LT S • Centralize management of secrets and keys in Azure. • Use access policies to control permissions effectively. • Integrate Key Vault with applications for secure access. • Monitor and audit access to sensitive information. • Enable automatic key rotation for enhanced security. 5 / 5 / 2 0 2 5 28

29. C O N F I G U R I N

    G A Z U R E K E Y V A U LT S 5 / 5 / 2 0 2 5 29

30. T H R E A T M O D E

    L I N G I N A C T I O N • Utilize STRIDE or Data Flow Diagrams (DFD) for effective threat modelling. • Identify potential attack vectors to safeguard your API. • Pinpoint vulnerable components such as exposed endpoints. • Prioritize risks to address the most critical vulnerabilities first. • Modelling an API can enhance security for customer data exchange. 5 / 5 / 2 0 2 5 30

31. T H R E A T M O D E

    L I N G F R A M E W O R K Outcome Identify possible threats along with their entry points, conditions for exploitation, and potential impacts. 5 / 5 / 2 0 2 5 31 Identify and mitigation Evaluate the impact of the identified threats and suggest appropriate mitigations. Data flows diagrams Construct data flow diagrams to illustrate the movement of data. Data stores Recognize and document data storage locations. Assets and trust levels Specify the assets requiring protection and their respective trust levels. HLD diagrams Develop high-level design (HLD) diagrams and compile a list of external dependencies.

32. T R U S T A N D R O

    L E L E V E L S Outline the access rights and trust levels that the application assigns to various entities • App Operations – System Administrator • Application Administration (Operations Team) • Branch Role (designated for branch agents) • Internal User (various roles) • Portal Website (user access at the customer level) 5 / 5 / 2 0 2 5 32

33. A S S E T S 5 / 5 /

    2 0 2 5 33 Sensitive contact information on customers stored in the main database. Customer Data Credit Card information Customer Transactions Data

34. D A T A S T O R E S

    Detail all data utilized by the product, including databases, files, in-memory data, and caches, along with any sensitive data encryption mentioned. • Main Database Holds the majority of the business data for the application. • Configuration File in Web Application Server Contains properties essential for system configuration at start-up. • DB Logs Record all transactions and activities within the system. • Application Logs Document system activities. 5 / 5 / 2 0 2 5 34

35. T H R E A T S S C E

    N A R I O S Threat Scenario - CSRF in Web UI Since the application does not have an Anti-CSRF token mechanism implemented, we are likely to be vulnerable to CSRF attacks. Threat scenario - Upload of a Malicious File An insider/attacker could upload a malicious file to the application. The victim that downloads that file could execute the payload on their client machine. 5 / 5 / 2 0 2 5 35

36. T H R E A T S M I T

    I G A T I O N For every threat recognized in the Threat Identification, outline any existing or proposed countermeasures or security controls to mitigate the assessed security risks. 5 / 5 / 2 0 2 5 36 Threat ID Planned countermeasure Current countermeasure TID1 Anti-CSRF Tokens for all security sensitive business functions. TID2 File type, size, Content type filtering

37. A U T H E N T I C A

    T I O N D A T A F L O W 1. The third-party application authenticates with encrypted payload to the Web app hosted in Azure. It is used two-way SSL authentication. 2. The Azure API decrypts the payload 3. The Azure API interacts with the key vault to verify the public certificate key id and private certificates 4. The user is authenticated to the Web App based on the API response 5. The Web App executes business logics and interacts with the SQL database directly 6. The third-party app is authenticated and able to request various operations 0 5 / 0 5 / 2 0 2 5 37

38. D I A G R A M U S I

    N G T H R E A T M O D E L E R 5 / 5 / 2 0 2 5 38

39. S U M M A R Y O F K

    E Y P O I N T S • Implementing effective authentication and access control measures is essential. • Utilizing Azure tools such as APIM and Azure Key Vaults can enhance overall security management. • Regular threat modeling and risk assessments are vital for API security. • Best practices for coding and input validation help prevent attacks. 5 / 5 / 2 0 2 5 39

40. C O N T A C T I N F

    O R M A T I O N For further inquiries or discussions, reach out anytime. Softwarecreator.dev medium.com/@adelinastanciu Adelina Stanciu 5 / 5 / 2 0 2 5 40