From 239ce489b5188cf3ce6d0af7f26202fcf374b43f Mon Sep 17 00:00:00 2001 From: Stefan Weng Date: Mon, 18 Dec 2023 22:53:03 +0100 Subject: [PATCH] fix typo in default-threats-library.yml --- .../resources/threats-library/default-threats-library.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/resources/threats-library/default-threats-library.yml b/src/main/resources/threats-library/default-threats-library.yml index 2780057..e41c3ae 100644 --- a/src/main/resources/threats-library/default-threats-library.yml +++ b/src/main/resources/threats-library/default-threats-library.yml @@ -49,7 +49,7 @@ rules: owasp: identification-and-authentication-failures expression: flow.authenticationMethod == undefined exclude: flow.inScope == false - description: In case of of weak authentication for {target.name} connection, a potential attacker can easily spoof another users identity or gain access to any accounts credentials + description: In case of weak authentication for {target.name} connection, a potential attacker can easily spoof another users identity or gain access to any accounts credentials remediation: Consider usage of strong authentication method for {target.name} access (OpenID, Kerberos, etc) - ntlm-protocol-usage 
@@ -69,7 +69,7 @@ rules: owasp: identification-and-authentication-failures expression: (flow.authenticationMethod == credentials) or (flow.authenticationMethod == basic) exclude: (flow.inScope == false) or (target.type == database) - description: In case of of basic or simple password authentication on {target.name} side, a potential attacker can brute-force weak credentials and hijack any account + description: In case of basic or simple password authentication on {target.name} side, a potential attacker can brute-force weak credentials and hijack any account remediation: 1. Consider usage of rate-limit protection on {target.name} side 2. (If applicable) Consider usage of MFA on {target.name} side - default-account-disabling 
@@ -290,4 +290,4 @@ rules: expression: (source within global-network) and ((target within demilitarized-zone) or (target within corporate-network) or (target within closed-perimeter)) exclude: flow.inScope == false description: In case if the application environment unproperly configured (for example, unnecessary port is opened or unused vulnerable services are enabled), these weakneses can be used by an attacker to gather additional information about application components or to gain full access to the application's data or secrets in the worst case - remediation: 1. If the application is hosted on-prem, consider hardening the application machines and the infrastructure according to the industry security best practice (for example, use CIS Becnhmarks for Windows, Linux application machines or CIS Benchmark for Docker, Kubernetes for containerized environment) 2. If the application is hosted on-cloud, consider following the security best practices for your type of Cloud (for example, CIS Benchmark for AWS, GCP or Azure) \ No newline at end of file + remediation: 1. If the application is hosted on-prem, consider hardening the application machines and the infrastructure according to the industry security best practice (for example, use CIS Benchmarks for Windows, Linux application machines or CIS Benchmark for Docker, Kubernetes for containerized environment) 2. If the application is hosted on-cloud, consider following the security best practices for your type of Cloud (for example, CIS Benchmark for AWS, GCP or Azure)
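Review bot: the first hunk (rules at @@ -49,7) still leaves two missing possessives on the description line it touches: "spoof another users identity or gain access to any accounts credentials" should read "spoof another user's identity or gain access to any account's credentials". Since this patch is already a typo fix for that exact line, it is the right place to correct them rather than leaving the line to be edited again.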
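Review bot: the second hunk (@@ -69,7) corrects the duplicated "of of" but does not touch the exclusion on the unchanged line just above it, `exclude: (flow.inScope == false) or (target.type == database)`, which removes database targets from the brute-force rule entirely. The description's threat (an attacker brute-forces weak credentials on a basic or credentials flow) applies to a database login as much as to any other target, so it would help to document why databases are excluded, or to drop the `target.type == database` clause if the exclusion was not deliberate. Not a blocker for a typo patch, but worth a comment in the YAML.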
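Review bot: the third hunk (@@ -290,4) fixes "Becnhmarks" but leaves two more errors on the unchanged description line directly above the remediation: "In case if the application environment unproperly configured" should be "If the application environment is improperly configured", and "weakneses" should be "weaknesses". Suggest folding those into this commit since it already edits the same rule. Also note the hunk removes the "\ No newline at end of file" condition, so the file now ends with a trailing newline; that is a good incidental change but should be mentioned in the commit message so the one-line diff to the last line is not mistaken for a content change.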