Skip to content

Latest commit

 

History

History
89 lines (72 loc) · 6.01 KB

threat-modeling.md

File metadata and controls

89 lines (72 loc) · 6.01 KB

Threat Model Analysis for go-sql-driver/mysql

Threat: Classic SQL Injection

  • Description: Attacker injects malicious SQL code into application input fields. The application, without proper sanitization or parameterization, executes this code against the MySQL database. This allows the attacker to bypass application logic and directly interact with the database.
    • Impact: Data breach (unauthorized access to sensitive data), data modification, data deletion, account takeover, potential remote code execution on the database server.
    • Risk Severity: Critical
    • Mitigation Strategies:
      • Use parameterized queries (prepared statements) provided by go-sql-driver/mysql for all database interactions.
      • Implement input validation and sanitization as a secondary defense.
      • Apply principle of least privilege to database user accounts.

Threat: Second-Order SQL Injection

  • Description: Attacker injects malicious SQL code into the database as seemingly harmless data. Later, when this data is retrieved and used in a dynamically constructed SQL query by the application, the injected code is executed.
    • Impact: Data breach, data modification, data deletion, account takeover, potential remote code execution on the database server.
    • Risk Severity: High
    • Mitigation Strategies:
      • Parameterize queries when retrieving data from the database and using it in subsequent queries.
      • Implement output encoding when displaying data retrieved from the database.
      • Regularly audit application code for dynamic query construction using database data.

Threat: Weak or Default MySQL Credentials

  • Description: Attacker uses brute-force attacks or known default credentials to gain unauthorized access to MySQL user accounts, especially root or application-specific users.
    • Impact: Full database compromise, access to all data, data modification/deletion, potential server takeover if root is compromised.
    • Risk Severity: Critical
    • Mitigation Strategies:
      • Enforce strong password policies for all MySQL user accounts.
      • Never use default passwords; change them immediately upon installation.
      • Restrict network access to MySQL server using firewalls.

Threat: Insecure Storage of MySQL Credentials

  • Description: Attacker gains access to application codebase, configuration files, or environment variables and finds plaintext or easily reversible MySQL credentials.
    • Impact: Database compromise, attacker can connect to the database and perform unauthorized actions.
    • Risk Severity: High
    • Mitigation Strategies:
      • Avoid storing credentials directly in code.
      • Use secure configuration management (environment variables, secret management systems).
      • Encrypt configuration files containing credentials.
      • Restrict file system permissions on configuration files.

Threat: Insecure Data Storage in MySQL

  • Description: Attacker gains access to the database and finds sensitive data stored in plaintext, making it easily accessible.
    • Impact: Data breach, exposure of sensitive information, compliance violations, reputational damage.
    • Risk Severity: Critical
    • Mitigation Strategies:
      • Encrypt sensitive data at rest within the database (TDE or application-level encryption).
      • Hash passwords using strong, salted hashing algorithms.
      • Consider tokenization or pseudonymization for sensitive data.
      • Implement data masking in non-production environments.

Threat: MySQL Server Downtime or Unavailability

  • Description: MySQL server becomes unavailable due to failures, bugs, misconfigurations, or attacks, disrupting application functionality.
    • Impact: Application downtime, service disruption, loss of revenue, user dissatisfaction.
    • Risk Severity: High
    • Mitigation Strategies:
      • Implement high availability (HA) and redundancy for MySQL (replication, clustering).
      • Regularly monitor MySQL server health and performance.
      • Implement database backups and disaster recovery procedures.
      • Optimize database performance.
      • Use connection pooling in the application.

Threat: Vulnerabilities in go-sql-driver/mysql Library

  • Description: Exploitation of bugs or security vulnerabilities within the go-sql-driver/mysql library itself.
    • Impact: Varies depending on the vulnerability, potential data breach, denial of service, etc.
    • Risk Severity: High (potential for critical vulnerabilities)
    • Mitigation Strategies:
      • Keep go-sql-driver/mysql library up to date.
      • Monitor security advisories for the driver.
      • Follow secure coding practices when using the driver.

Threat: Insecure MySQL Server Configuration

  • Description: Using default or insecure configurations for the MySQL server, leaving it vulnerable to attacks.
    • Impact: Increased attack surface, vulnerability to exploitation, potential data breach, denial of service, server compromise.
    • Risk Severity: High
    • Mitigation Strategies:
      • Harden MySQL server configuration following security best practices.
      • Disable unnecessary features and services.
      • Restrict network access to MySQL server.
      • Regularly apply security patches and updates.
      • Implement security auditing and logging.
      • Regularly review and audit MySQL server configuration.