Threat modeling in web applications

Satapathy, S R (2014) Threat modeling in web applications. MTech thesis.



Todays competitive and profit-driven online environment needs a web application to be much secure as it is going to be tested in all possible ways by the attackers for any sign of vulnerability which can be converted into a big success for him to gain control to the maximum of the software. In order to produce a secure application, it has to be securely built right from the design phase throughout the software development life cycle. The most effective methodology of implementing this is threat modeling. There have been a lot of improvements and researches on the process of threat modeling and its approaches. Following these, Some tools are developed by some Enterprises to support the process of systematic threat modeling. In this thesis, the most widely accepted process of threat modeling, that has been proposed by Microsoft, is explained along with other approaches for it. Two industrial projects, with the support of Microsoft SDL tool for Threat modeling have been threat modeled and discussed. Towards the end, some modifications to the hybrid approach of threat modeling have been proposed and have been implemented on the open source workbench supporting that approach.

Item Type:Thesis (MTech)
Uncontrolled Keywords:Threat modeling; security in web application; hybrid threat modeling approach; STRIDE; DREAD; Resolution of STRIDE
Subjects:Engineering and Technology > Computer and Information Science > Information Security
Divisions: Engineering and Technology > Department of Computer Science
ID Code:5793
Deposited By:Hemanta Biswal
Deposited On:11 Aug 2014 09:53
Last Modified:11 Aug 2014 09:53
Supervisor(s):Mohapatra, D P

Repository Staff Only: item control page