
Threat Modeling-A Survey


Affiliations
1 Department of Information Technology with specialization in Information Security, Institute of Engineering and Technology, Devi Ahilya Vishwavidyalaya (DAVV) University, Indore, M.P., India
2 Department of Information Technology with specialization in Information Security, The Institute of Engineering and Technology, Devi Ahilya Vishwavidyalaya (DAVV) University, Indore, M.P., India
     



Security assessment is generally performed on applications after they are developed, to identify issues, and the required measures are then taken to fix them. This helps, but addressing the issues this late is the costlier approach. The assess-and-fix steps run in multiple iterations, which can be avoided by finding the issues earlier, within the application development life cycle itself. This is the role of Threat Modeling, which makes it possible to identify all potential threats to the software system in the design phase. Microsoft included Threat Modeling as one of the practices in the Security Development Lifecycle so that built-in security activities, such as identifying vulnerabilities, determining risks from the threats, and establishing appropriate mitigating methods, can be carried out more effectively and less expensively from the very beginning. Numerous works have been published on threat modeling. We examine the differences between modeling software tools, consider which is best suited for what, and discuss the issues reported by Microsoft.


Keywords

SDLC, Security, Threat Modeling, Web Applications.

Abstract Views: 192

PDF Views: 3





Authors

Pooja Lahoti
Department of Information Technology with specialization in Information Security, Institute of Engineering and Technology, Devi Ahilya Vishwavidyalaya (DAVV) University, Indore, M.P., India
Pragya Shukla
Department of Information Technology with specialization in Information Security, The Institute of Engineering and Technology, Devi Ahilya Vishwavidyalaya (DAVV) University, Indore, M.P., India
