This article provides answers to the Threat Modeling Vulnerability assessment questions for TPAM.
Some of the questions focus on the web browser used to access the TPAM web interface:
1. Do you implement input validation, output encoding, and enforce a Content Security Policy to protect your web UI from malicious input and attacks?
2. Do you regularly update and check dependencies in your project?
3. Do you use frame-busting scripts, the X-Frame-Options header, and Content Security Policy to prevent your web UI from being embedded in other websites?
4. Do you use multi-factor authentication and follow the principle of least privilege?
Each of the above questions must be answered with one of the following options:
No, and this is not applicable: This requirement cannot be implemented in this system or is out of scope
No, but it is required: This requirement has to be implemented
Not sure: This requirement is under analysis
Yes, it is implemented: This functionality is already present in the system
(Question 1)
1. Do you implement input validation,
Answer: Yes (already implemented)
2. Output encoding,
Answer: Yes (already implemented)
3. and enforce a Content Security Policy to protect your web UI from malicious input and attacks?
Answer: No, and this is not applicable (out of scope)
(Question 2)
4. Do you regularly update and check dependencies in your project?
Answer: No, and this is not applicable (out of scope).
(Question 3)
5. Do you use frame-busting scripts,
Answer: Yes (already implemented)
6. the X-Frame-Options header,
Answer: No, and this is not applicable (out of scope)
7. and Content Security Policy to prevent your web UI from being embedded in other websites?
Answer: No, and this is not applicable (out of scope)
(Question 4)
8. Do you use multi-factor authentication
Answer: Yes (already implemented).
9. and follow the principle of least privilege?
Answer: Yes (already implemented).