SoftwareProduct

Purpose

The SoftwareProduct object is used to represent what piece of software the associated object is realized by.

Connections

SoftwareProduct and Neighboring Objects
SoftwareProduct and Neighboring Objects

 

ObjectConnectionDescription
ClientSoftware PropertiesWhat software the Client is based on.
HostSoftware PropertiesWhat operating system software/distribution/release the Host object is using/based on.
ServiceSoftware PropertiesWhat software is used to provide/implement the network service in question.

 

One SoftwareProduct may be connected to several Host, Client or Service objects. However, one SoftwareProduct object may not be connected to a mix of Host, Client or Service objects. Trying to do that will bring up a message window saying that it’s not possible and the connection will not be made.

SoftwareProduct can not be Connected to a Mix of Client/Service/Host
SoftwareProduct can not be Connected to a Mix of Client/Service/Host

 

Actually, what it means is that you can not connect the Client object to a SoftwareProduct object that is already used by another type of object (Service or Host).

Attack Steps and Defenses

SoftwareProduct Attack Steps and Defenses
SoftwareProduct Attack Steps and Defenses

 

Before going through the list of attack steps below, there are some concepts that could use an explanation;

The word Public refers to that a vulnerability has been discovered and reported to some public vulnerability database/list/community and thus is made publicly known.

The word Patchable refers to a vulnerability there is a remedy for. An update is available.

The word Unpatchable refers to a vulnerability that there is no remedy for, either because the software in question has been discontinued or that no remedy/update is yet available for this vulnerability.

The word Find refers to the possibility to find a publicly known vulnerability in this particular SoftwareProduct.

The word Develop refers to the possibility to develop an exploit for a vulnerability this SoftwareProduct has been found to have.

The word Exploit refers to the possibility to find an already developed exploit for the (above) vulnerability and to make use of it.

 

Attack StepDescriptionLeads to
DevelopExploitForPublic
PatchableVulnerability
The possibility to develop an exploit for a vulnerability that there is an available remedy/update for.Host: DeployExploit
Client: DeployExploit
Service: DeployExploit
DevelopExploitForPublic
UnpatchableVulnerability
The possibility to develop an exploit for a vulnerability that there is no available remedy/update for.Host: DeployExploit
Client: DeployExploit
Service: DeployExploit
DevelopZeroDayThe possibility to develop a brand new exploit from scratch.Host: DeployExploit
Client: DeployExploit
Service: DeployExploit
FindExploitForPublic
PatchableVulnerability
The possibility to find an already developed exploit for a vulnerability that there is a patch for and make use of it.Host: DeployExploit
Client: DeployExploit
Service: DeployExploit
FindExploitForPublic
UnpatchableVulnerability
The possibility to find an already developed exploit for a vulnerability that there is no patch for and make use of it.Host: DeployExploit
Client: DeployExploit
Service: DeployExploit
FindPublic
PatchableVulnerability
The possibility to find out that the SoftwareProduct has a known vulnerability which there is a patch for.SoftwareProduct: FindExploitForPublicPatchableVulnerability
SoftwareProduct: DevelopExploitForPublicPatchableVulnerability
FindPublic
UnpatchableVulnerability
The possibility to find out that the SoftwareProduct has a known vulnerability which there is no patch for.SoftwareProduct: FindExploitForPublicPatchableVulnerability
SoftwareProduct: DevelopExploitForPublicPatchableVulnerability
SoftwareProduct: FindExploitForPublicUnpatchableVulnerability
SoftwareProduct: DevelopExploitForPublicUnpatchableVulnerability

 

DefenseDescriptionImpactDefault
HasVendorSupportDenotes access to patches through current vendor support of the particular product modeled.Missing vendor support means software end-of-life, and leads to instant access to exploits to known vulnerabilities (which cannot be patched).Off
NoPatchable VulnerabilityDenotes a situation where its known that the modeled software product has no patchable vulnerabilities available in public databases e.g. National Vulnerability Database (NVD), PacketStorm or Exploit DB.The probability of success of Find public patchable vulnerability.Off
NoUnpatchable VulnerabilityDenotes a situation where its known that the modeled software product has no unpatchable vulnerabilities available in public databases e.g. National Vulnerability Database (NVD), PacketStorm or Exploit DB.The probability of success of Find public unpatchable vulnerability.On
SafeLanguagesSafe programming languages are those who perform boundary checking to reduce the risk of buffer overflow attack e.g. Java and Python. Software written with languages without this check (e.g. C, C++) increases the risk of finding vulnerabilities. Libraries used to encapsulate unsafe C, C++ code (e.g. libsafe) are included in this defense.The probability of success of Develop zero day.Off
ScruntinizedDenotes whether or not time and effort have been spent to test the software thoroughly. Which reduces the frequency of discovered vulnerabilities.The probability of success of Develop zero day.Off
SecretBinaryWith access to the binary and black box testing an attacker can test the binary and detect vulnerabilities in the software. Without access to the binary (i.e. closed or custom software), it is virtually impossible to find new vulnerabilities.The probability of success of develop exploit for public patchable vulnerability, develop exploit for public unpatchable vulnerability and find exploit for public unpatchable vulnerability.On
SecretSourceWith access to the source code (e.g. open source) and white box testing an attacker can test the software to find bugs and vulnerabilities in the software. Closed or proprietary software makes obtaining the source code much more difficult.The probability of success of develop exploit for public patchable vulnerability,
develop exploit for public unpatchable vulnerability and develop zero day.
On
StaticCodeAnalysisStatic code analysis is the analysis of software source code without executing the program. Static code analysis tools can automatically look for specific patterns to find vulnerabilities and bugs.The probability of success of develop zero day.On