A Case Study Based Review on Threat Modeling Techniques and their Efficacy in Modern Software Engineering
- Threat Modeling is a vital approach to implementing ”Security by Design” because it enables the discovery of vulnerabilities and mitigation of threats during the early stage of the Software Development Life Cycle as opposed to later on when they will be more expensive to fix. This thesis makes a review of the current threat Modeling approaches, methods, and tools. It then creates a meta-modelThreat Modeling is a vital approach to implementing ”Security by Design” because it enables the discovery of vulnerabilities and mitigation of threats during the early stage of the Software Development Life Cycle as opposed to later on when they will be more expensive to fix. This thesis makes a review of the current threat Modeling approaches, methods, and tools. It then creates a meta-model adaptation of a fictitious cloud-based shop application which is tested using STRIDE and PASTA to check for vulnerabilities, weaknesses, and impact risk. The Analysis is done using Microsoft Threat Modeling Tool and IriusRisk. Finally, an evaluation of the results is made to ascertain the effectiveness of the processes involved with highlights of the challenges in threat modeling and recommendations on how security developers can make improvements.…
Document Type: | Master's Thesis |
---|---|
Zitierlink: | https://opus.hs-offenburg.de/5246 | Bibliografische Angaben |
Title (English): | A Case Study Based Review on Threat Modeling Techniques and their Efficacy in Modern Software Engineering |
Author: | Martins Divine Okoi |
Advisor: | Andreas Schaad, Dirk Drechsler |
Year of Publication: | 2021 |
Date of final exam: | 2021/12/20 |
Publishing Institution: | Hochschule Offenburg |
Granting Institution: | Hochschule Offenburg |
Place of publication: | Offenburg |
Page Number: | xii, 136 |
Language: | English | Inhaltliche Informationen |
Institutes: | Fakultät Medien (M) (ab 22.04.2021) |
Institutes: | Abschlussarbeiten / Master-Studiengänge / ENITS |
DDC classes: | 000 Allgemeines, Informatik, Informationswissenschaft / 000 Allgemeines, Wissenschaft / 004 Informatik | Formale Angaben |
Open Access: | Closed Access |
Licence (German): | Creative Commons - CC BY-SA - Namensnennung - Weitergabe unter gleichen Bedingungen 4.0 International |
SWB-ID: | 1818136023 |