Authors: Nikolov, L. A., Aleksieva-Petrova, A. P.
Title: Threat Modeling Based on STRIDE Framework for Web Application
Keywords: countermeasure, Microsoft threat modeling tool, OWASP Threat
Abstract: Threat modeling is an iterative process that involves defining and profiling assets, identifying, prioritizing, and monitoring security threats, and evaluating associated controls. It formalizes the analysis of security vulnerabilities and risks across hosts, applications, and network services. In this paper, we will conduct a threat modeling including a high-level architecture diagram with a web application hosted on a web server and connected to a backend database. Four different threat modeling tools are used to identify threats and countermeasures by data flow within the system. Potential vulnerabilities such as insecure data transmissions, inadequate authentication mechanisms, and improper access controls can be identified by visualizing this data flow. Finally, these results are compared and applied to the STRIDE approach for a comprehensive assessment. The results show that Irius Risk and Thrike are both advanced threat modeling tools that support a wide range of frameworks bey
Type: publication in an international forum, publication in a refereed edition