Conception and Development of a Threat Modeling Tool
- The development of secure software systems is of ever-increasing importance. While software companies often invest large amounts of resources into the upkeeping and general security properties of large-scale applications when in production, they appear to neglect utilizing threat modeling in the earlier stages of the software development lifecycle. When applied during the design phase ofThe development of secure software systems is of ever-increasing importance. While software companies often invest large amounts of resources into the upkeeping and general security properties of large-scale applications when in production, they appear to neglect utilizing threat modeling in the earlier stages of the software development lifecycle. When applied during the design phase of development, and continuously during development iterations, threat modeling can help in following a “Security by Design” approach. This approach allows issues relating to IT security to be found early during development, reducing the need for later improvement – and thus saving resources in the long term. In this thesis the current state of threat modeling is investigated. Based on this analysis, requirements for a new tool are derived. These requirements are then used to develop a new tool, called OVVL, which utilizes all main components of current threat modeling methodologies, as well as functionality not available in existing solutions. After documenting the development process and OVVL in general, this newly developed tool is used to conduct two case studies in the field of e-commerce and IoT.…
Document Type: | Bachelor Thesis |
---|---|
Zitierlink: | https://opus.hs-offenburg.de/3339 | Bibliografische Angaben |
Title (English): | Conception and Development of a Threat Modeling Tool |
Author: | Tobias Reski |
Advisor: | Andreas Schaad, Oliver Vauderwange |
Year of Publication: | 2019 |
Date of final exam: | 2019/02/18 |
Publishing Institution: | Hochschule Offenburg |
Granting Institution: | Hochschule Offenburg |
Place of publication: | Offenburg |
Page Number: | IV, 76 |
URN: | https://urn:nbn:de:bsz:ofb1-opus4-33399 |
Language: | English | Inhaltliche Informationen |
Institutes: | Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021) |
Institutes: | Abschlussarbeiten / Bachelor-Studiengänge / MI |
DDC classes: | 000 Allgemeines, Informatik, Informationswissenschaft |
GND Keyword: | Bedrohungsanalyse; Verteiltes System; Web-Entwicklung |
Tag: | STRIDE; Software Architecture; Threat Modeling; Web Development | Formale Angaben |
Open Access: | Open Access |
Licence (German): | Creative Commons - CC BY-SA - Namensnennung - Weitergabe unter gleichen Bedingungen 4.0 International |
SWB-ID: | 1674278039 |