praetorian-inc / chariot-ui

Chariot Offensive Security Platform
https://preview.chariot.praetorian.com
MIT License
15 stars, 6 forks

Application-layer attack surface enumeration and critical asset mapping system #56

Open praetorian-peter-mueller opened 2 weeks ago

praetorian-peter-mueller commented 2 weeks ago

Feature Description
I request a system that maps sources of input in applications to the locations in the underlying cloud infrastructure where critical assets are processed or stored.

Problem
Engineers require some tool-assisted mechanism for deciding which API endpoints, if thoroughly exploited, will result in a material risk compromise of critical assets. Without a rigorous mapping between attack surfaces and critical assets, engineers may spend excessive time trying to exploit a particular attack surface only to learn that it doesn't result in a critical compromise.

Preferred Solution
The system should use a combination of authenticated crawling, code review, API specifications, and authenticated access to the underlying cloud infrastructure to map attack surfaces to critical assets. If some of these things are not available, then a subset of them should be used. The system should include appropriate visualization tools and may require the engineer to label certain kinds of assets as being more or less critical.

Alternatives Considered
Engineers currently do this process manually using the techniques described above. This often yields good results, but it can be slow, error-prone, and it resists scaling.

Additional Information
The system can be implemented in a probabilistic manner and doesn't need to successfully identify every possible source or sink.
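One way to model the source-to-sink mapping the request describes, as an added example that is not part of this issue or of the chariot-ui code base: endpoints from an assumed OpenAPI-style listing are the sources, cloud resources carrying engineer-supplied criticality labels are the sinks, and the edges between them are the handler-to-component calls that code review or tracing would surface. The example walks the graph from each handler and ranks endpoints by the most critical asset they can reach, so an engineer sees where a thorough test would actually matter. All endpoint names, handler names, asset ids and labels below are constructed sample data.

```typescript
// Added example (not chariot-ui code): a minimal source-to-sink map that joins
// API endpoints (sources) to labelled cloud assets (sinks) through call edges
// and ranks each endpoint by the most critical asset it can reach.

type Criticality = "low" | "medium" | "high" | "critical";
const RANK: Record<Criticality, number> = { low: 1, medium: 2, high: 3, critical: 4 };

// Source of input: one endpoint as an (assumed) OpenAPI-style spec would list it.
interface Endpoint { method: string; path: string; handler: string; authenticated: boolean; }
// Edge: one component calling, enqueueing to, or reading from another.
interface CallEdge { from: string; to: string; }
// Sink: a cloud resource with the engineer-supplied criticality label.
interface Asset { id: string; kind: string; criticality: Criticality; }

interface Finding {
  endpoint: string;                       // "METHOD /path"
  authenticated: boolean;
  assets: string[];                       // asset ids reachable from the handler
  maxCriticality: Criticality | "none";   // "none" when no labelled asset is reached
}

function buildGraph(edges: CallEdge[]): Map<string, string[]> {
  const graph = new Map<string, string[]>();
  for (const e of edges) {
    if (!graph.has(e.from)) graph.set(e.from, []);
    graph.get(e.from)!.push(e.to);
  }
  return graph;
}

// Breadth-first walk from a handler; returns every labelled asset it can reach.
function reachableAssets(start: string, graph: Map<string, string[]>, assets: Map<string, Asset>): Asset[] {
  const seen = new Set<string>([start]);
  const queue: string[] = [start];
  const found: Asset[] = [];
  while (queue.length > 0) {
    const node = queue.shift()!;
    const asset = assets.get(node);
    if (asset) found.push(asset);
    for (const next of graph.get(node) ?? []) {
      if (!seen.has(next)) { seen.add(next); queue.push(next); }
    }
  }
  return found;
}

function mapAttackSurface(endpoints: Endpoint[], edges: CallEdge[], assetList: Asset[]): Finding[] {
  const graph = buildGraph(edges);
  const assets = new Map<string, Asset>(assetList.map(a => [a.id, a] as const));
  const findings: Finding[] = endpoints.map(ep => {
    const reached = reachableAssets(ep.handler, graph, assets);
    const max = reached.reduce<Criticality | "none">(
      (acc, a) => (acc === "none" || RANK[a.criticality] > RANK[acc]) ? a.criticality : acc, "none");
    return { endpoint: `${ep.method} ${ep.path}`, authenticated: ep.authenticated,
             assets: reached.map(a => a.id), maxCriticality: max };
  });
  // Most critical first; among equals, unauthenticated surfaces rank higher.
  const score = (f: Finding) => f.maxCriticality === "none" ? 0 : RANK[f.maxCriticality];
  return findings.sort((a, b) =>
    score(b) - score(a) || Number(a.authenticated) - Number(b.authenticated) || a.endpoint.localeCompare(b.endpoint));
}

// Constructed sample inventory standing in for spec, code review and cloud data.
const SAMPLE_ENDPOINTS: Endpoint[] = [
  { method: "GET",  path: "/api/health", handler: "healthHandler", authenticated: false },
  { method: "POST", path: "/api/upload", handler: "uploadHandler", authenticated: true },
  { method: "GET",  path: "/api/export", handler: "exportHandler", authenticated: true },
  { method: "POST", path: "/api/login",  handler: "loginHandler",  authenticated: false },
];
const SAMPLE_EDGES: CallEdge[] = [
  { from: "uploadHandler", to: "s3:customer-uploads" },
  { from: "uploadHandler", to: "sqs:scan-queue" },
  { from: "sqs:scan-queue", to: "lambda:scanner" },
  { from: "lambda:scanner", to: "rds:customer-db" },
  { from: "exportHandler", to: "rds:customer-db" },
  { from: "loginHandler",  to: "dynamodb:sessions" },
];
const SAMPLE_ASSETS: Asset[] = [
  { id: "s3:customer-uploads", kind: "s3",       criticality: "medium" },
  { id: "sqs:scan-queue",      kind: "sqs",      criticality: "low" },
  { id: "lambda:scanner",      kind: "lambda",   criticality: "low" },
  { id: "rds:customer-db",     kind: "rds",      criticality: "critical" },
  { id: "dynamodb:sessions",   kind: "dynamodb", criticality: "high" },
];

export function rankedFindings(): Finding[] {
  return mapAttackSurface(SAMPLE_ENDPOINTS, SAMPLE_EDGES, SAMPLE_ASSETS);
}

for (const f of rankedFindings()) {
  console.log(`${f.maxCriticality.padEnd(8)} ${f.authenticated ? "auth  " : "unauth"} ${f.endpoint} -> ${f.assets.join(", ") || "(no labelled asset)"}`);
}
```

The transitive walk is the point: the upload endpoint never touches the database directly, but the queue it writes to feeds a worker that does, which is the kind of path a manual review tends to miss. The probabilistic variant the request allows would replace the boolean edges with confidence scores and carry the weakest score along each path.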

privateducky commented 1 week ago

@praetorian-peter-mueller the team is currently working on this ticket, for adding API identification and risk assessment: https://github.com/praetorian-inc/chariot-ui/issues/10

That seems to cover this topic, aside from authenticated API enumeration... right?

praetorian-peter-mueller commented 1 week ago

Hi @privateducky — I believe that #10 is tangential to this.

This ticket is more about telling the engineer which attack surfaces correspond to certain kinds of application and infrastructure components. It's closer to building a threat model than trying to locate risks directly.

Please let me know if this helps answer your question.