Threat Models

Security threat analysis for MundiX components.

Authentication System

Assets

  • User credentials
  • JWT access tokens
  • Refresh tokens
  • Session data

Threats

  1. Brute Force Attack
       • Impact: HIGH
       • Mitigation: Rate limiting (5/min), account lockout
       • Status: ✅ Mitigated

  2. Token Theft
       • Impact: HIGH
       • Mitigation: HTTPS only, short expiry (15min), refresh rotation
       • Status: ✅ Mitigated

  3. SQL Injection
       • Impact: CRITICAL
       • Mitigation: SQLAlchemy ORM, parameterized queries
       • Status: ✅ Mitigated

  4. Password Cracking
       • Impact: HIGH
       • Mitigation: Bcrypt (cost 12), salted hashes
       • Status: ✅ Mitigated

  5. Race Condition (Refresh)
       • Impact: MEDIUM
       • Mitigation: SELECT FOR UPDATE, atomic transactions
       • Status: ✅ Mitigated
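
The refresh rotation and Race Condition (Refresh) mitigations above, as an added sketch that is not MundiX code: the token is read, marked used and replaced inside one transaction, so concurrent presentations of the same refresh token yield exactly one successor. Assumptions: the table and column names are hypothetical, tokens are stored as SHA-256 digests, and SQLite's `BEGIN IMMEDIATE` stands in for `SELECT ... FOR UPDATE`, which SQLite does not support.

```python
import hashlib, secrets, sqlite3, threading

def connect(path):
    # isolation_level=None: no implicit transactions; BEGIN/COMMIT are issued explicitly
    return sqlite3.connect(path, isolation_level=None, timeout=10)

def init_schema(db):
    # Hypothetical table for this example, not the MundiX schema
    db.execute("CREATE TABLE IF NOT EXISTS refresh_tokens ("
               "token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, "
               "used INTEGER NOT NULL DEFAULT 0)")

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue(db, user_id):
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO refresh_tokens (token_hash, user_id) VALUES (?, ?)",
               (_digest(token), user_id))
    return token

def rotate(db, presented):
    """Swap a refresh token for a new one; None if unknown or already used."""
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading the row
    try:
        row = db.execute("SELECT user_id, used FROM refresh_tokens "
                         "WHERE token_hash = ?", (_digest(presented),)).fetchone()
        if row is None or row[1]:
            db.execute("ROLLBACK")
            return None
        db.execute("UPDATE refresh_tokens SET used = 1 WHERE token_hash = ?",
                   (_digest(presented),))
        new_token = issue(db, row[0])  # same transaction as the UPDATE
        db.execute("COMMIT")
        return new_token
    except Exception:
        db.execute("ROLLBACK")
        raise

def concurrent_refresh(path, token, workers=4):
    """Present the same token from several connections at once."""
    results = []
    def worker():
        db = connect(path)
        results.append(rotate(db, token))
        db.close()
    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

On PostgreSQL or MySQL with SQLAlchemy, the same shape is a `SELECT ... FOR UPDATE` on the token row inside one transaction, which blocks the second request until the first commits.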

Residual Risks

  • User credential phishing: User education required
  • Compromised environment variables: Secrets management needed

API Endpoints

Threats

  1. DDoS Attack
       • Impact: HIGH
       • Mitigation: Rate limiting, load balancing
       • Status: ⚠️ Partial (rate limiting only)

  2. Unauthorized Access
       • Impact: CRITICAL
       • Mitigation: JWT validation, role-based access
       • Status: ✅ Mitigated

Data Storage

Threats

  1. Database Breach
       • Impact: CRITICAL
       • Mitigation: Network isolation, password hashing
       • Status: ⚠️ Partial (encryption at rest needed)

  2. Backup Exposure
       • Impact: HIGH
       • Mitigation: Encrypted backups
       • Status: ❌ Not implemented

Overall Risk Level: MEDIUM
Action Required: Implement encryption at rest, backup encryption