Threat Model Analysis¶
This document analyzes the three channels through which an adversary could extract intellectual property from the BeDefended platform, the specific data exposed through each channel, and the mitigations applied.
Adversary Profiles¶
| Profile | Motivation | Capability | Access Level |
|---|---|---|---|
| Competitor | Replicate methodology | High (dedicated RE team) | No auth, network only |
| Curious client | Understand what they're paying for | Medium (knows DevTools) | Client portal auth |
| Rogue pentester | Sell methodology to competitor | High (full admin access) | Admin auth + proxy |
| Network attacker | Opportunistic IP theft | Medium (proxy, MITM) | Network access only |
Channel 1: Frontend Code¶
Attack vector: Open browser DevTools, inspect JS source, analyze React components.
No proxy needed -- the JS bundle is downloaded by the browser and fully inspectable.
Data Previously Exposed¶
| Component | File | What It Revealed |
|---|---|---|
| Skill catalog | LaunchPentestDialog.tsx |
All 42 skills with names, groups, and parameter configs |
| Type definitions | types.ts |
PhaseStatus, TechStack, AttackSurface, AuthInfo, StealthConfig |
| Severity algorithm | severity.ts + cvss.ts |
Exact thresholds: Critical >= 9.0, High >= 7.0, etc. |
| Phase workflow | PhaseProgress.tsx |
6-phase progression with labels and icons |
| Session schema | types.ts |
Model routing fields, max_turns, skip_permissions |
Mitigations Applied¶
| Mitigation | Effect | Residual Risk |
|---|---|---|
| Skill catalog moved to backend API | Full skill list no longer in JS bundle | None -- requires auth to access |
| Terser production obfuscation | Variable names mangled, comments stripped, console removed | Low -- logic still deducible |
raw type field removed |
Frontend no longer expects context.json data | None |
Residual Exposure¶
Phase names, severity levels, and tech stack field names remain visible. These are not proprietary -- they follow industry standards (OWASP, CVSS 4.0, common fingerprinting categories).
Channel 2: API Response Interception¶
Attack vector: Run Burp Suite as a proxy, intercept HTTP responses and WebSocket messages.
Requires: Proxy tool + access to the network (or the user themselves running the proxy).
Data Previously Exposed¶
| Endpoint | Risk Level | What It Exposed |
|---|---|---|
GET /engagements/{name} |
Critical | Full context.json via raw field -- stealth config, auth tokens, attack surface flags |
GET /runner/sessions/{id}/output |
Critical | Raw CLI output -- tool commands, AI reasoning, knowledge pack references, discovery output |
WS /terminal/ws |
Critical | Live PTY stream -- AI decision points, tool calls, technique names |
WS /ws/{engagement_name} |
High | Real-time events (finding_added, phase_changed) without authentication |
GET /engagements/{name}/timeline |
High | Skill execution log with exact skill names and technique details |
GET /engagements/{name}/findings/{id} |
High | raw_markdown contained tool references even when poc was redacted |
WS /ws/client/{id} |
High | Client events without JWT validation |
GET /engagements/{name}/chains/{id} |
Medium | Attack chain diagrams with correlation logic |
GET /engagements/{name}/report |
Medium | Full report including methodology description |
GET /engagements/{name}/brief |
Medium | Client business context and focus areas |
Mitigations Applied¶
| Mitigation | Endpoints Affected | Effect |
|---|---|---|
raw field removed |
GET /engagements/{name} |
context.json no longer exposed |
| Output sanitization (11 patterns) | Runner HTTP + WS, Terminal WS | Knowledge packs, SKILL.md, AI reasoning stripped |
| JWT WebSocket auth | All 4 WS endpoints | Unauthenticated connections rejected |
raw_markdown sanitization |
GET /findings/{id} |
Internal references replaced with placeholders |
| Timeline role filtering | GET /timeline |
Viewer sees "Security Testing" not "test-injection --scope sqli" |
What Is NOT Mitigated (By Design)¶
| Data | Why It's Exposed | Why It's Acceptable |
|---|---|---|
| Finding details (title, severity, PoC) | Client deliverable | This is the product -- clients need it |
| Tech stack fingerprint results | Shown in engagement detail | Common knowledge about the target |
| Phase progress (% complete) | Dashboard progress bar | Generic phase names only |
| Report content | Downloadable by client | Contains only verified findings, not methodology |
Channel 3: Desktop Binary Reverse Engineering¶
Attack vector: Decompile Dart snapshot, run strings on binary, attach debugger.
Requires: Physical access to the binary (distributed to users).
Data Previously Exposed¶
| Technique | What It Found |
|---|---|
strings desktop_app.exe |
BD-APP-HMAC-KEY-V1.0.0-SECURE-BD (HMAC signing key) |
| Dart snapshot analysis | API endpoint URLs, service structure, proxy detection logic |
| Process inspection | Certificate validation callbacks, request signing algorithm |
Mitigations Applied¶
| Mitigation | Effect |
|---|---|
| HMAC key derived from server secret + device fingerprint | Key not present in binary, not portable across devices |
--dart-define for build-time secret injection |
No hardcoded secrets in source or binary |
| Certificate pinning instructions | Proxy interception blocked when pins populated |
--obfuscate build flag |
Class/method names mangled in release builds |
--split-debug-info |
Debug symbols stored separately, not in release binary |
Risk Matrix (After Mitigations)¶
| Threat | Channel | Before | After | Notes |
|---|---|---|---|---|
| Full skill catalog extraction | Frontend | High | None | Loaded from authenticated API |
| context.json exposure | API | Critical | None | raw field removed |
| AI reasoning visible | Runner/Terminal | Critical | Low | Sanitized; semantic inference possible |
| Unauthenticated WS sniffing | WebSocket | High | None | JWT required on all endpoints |
| Knowledge pack names visible | Runner output | High | None | Regex-stripped from all output |
| HMAC key extraction | Binary | High | Low | Derived at runtime, device-bound |
| Skill execution order visible | Timeline | High | None (viewer) | Generic labels for non-admin roles |
What Is NOT Protected (And Why)¶
These items remain visible by design or are impractical to fully protect:
-
Timing analysis -- An observer can measure request intervals and infer phase boundaries. Mitigation: WebSocket auth limits this to authenticated users.
-
Finding content -- The findings themselves are the product. They contain vulnerability details, PoCs, and remediation. This is intentional exposure -- it's what clients pay for.
-
HTTP request patterns -- A network observer can see the target URLs being tested. Mitigation: stealth mode randomizes ordering; WebSocket auth prevents passive observation.
-
Vite chunk structure -- The JS bundle's chunk splitting reveals the component architecture. Mitigation: Terser mangling makes this harder to interpret; component names are not IP.
-
API endpoint structure -- The REST API paths (
/engagements,/findings,/timeline) reveal the data model. Mitigation: this is standard REST design, not proprietary.