Omotunde, Habeeb Oladapo (2018) Moth: a hybrid threat model for improving software security testing. Doctoral thesis, Universiti Tun Hussein Onn Malaysia.
Abstract
Because SQL injection attacks (SQLIA) continue to threaten web applications despite the many techniques recommended to prevent them, this research adopted a Hybrid Threat Modeling strategy for its proactive approach to risk mitigation in web applications. Three threat modeling techniques, namely misuse cases, attack trees and finite state machines, were combined to harness their individual strengths in a Hybrid Threat Modeling framework and tool called MOTH (Modeling Threats using Hybrid techniques). Using the MOTH tool, developed on the Eclipse rich client platform, experimental results with an e-commerce web application downloaded from GitHub, the BodgeIt store, show an improved SQL injection vulnerability detection rate of 13.33% in comparison to a commercial tool, IBM AppScan. Further benchmarking of MOTH with respect to SQL injection vulnerability detection in both the BodgeIt store and IBM's Altoro Mutual online banking application shows it to be 30.6% more effective than AppScan. Relative to other threat modeling tools, MOTH achieved a 41.7% optimization of the attack paths required to design effective test plans and test cases for recommending the efficient security requirements needed to prevent SQL injection attacks. A 100% risk mitigation was achieved after applying these recommendations, owing to complete security test coverage of all test cases during the experiment: every test case successfully exposed the inherent security mutants in the application under test (AUT). These results show that MOTH is a more suitable hybrid threat modeling tool for preventing the poor specifications that expose web applications to SQL injection attacks.
| Item Type: | Thesis (Doctoral) |
|---|---|
| Subjects: | H Social Sciences > HV Social pathology. Social and public welfare > HV7231-9960 Criminal justice administration > HV8290-8291 Private security services |
| Divisions: | Faculty of Computer Science and Information Technology > Department of Web Technology |
| Depositing User: | Mrs. Sabarina Che Mat |
| Date Deposited: | 06 Jul 2021 07:50 |
| Last Modified: | 06 Jul 2021 07:50 |
| URI: | http://eprints.uthm.edu.my/id/eprint/185 |