UTHM Institutional Repository

A review of threat modelling and its hybrid approaches to software security testing

Omotunde, Habeeb and Ibrahim, Rosziati (2015) A review of threat modelling and its hybrid approaches to software security testing. ARPN Journal of Engineering and Applied Sciences, 10 (23). p. 17. ISSN 1819-6608

Full text not available from this repository.

Abstract

As organizations seek to fulfill their objectives in the 21st century, they have come to immensely depend on reliable and secure software as a core component of their organizational asset to achieve their set goals. Irrespective of the size, nature or sector of these firms, securing the software asset has gained momentum given major software security issues in the form of incessant cyber-attacks to sensitive and confidential data which could bring huge losses to both the organization and her customers. However, a critical approach to defending the organization’s software infrastructure is anticipating the nature of the exploits from the attacker’s perspective before they occur and strategizing mitigation plans in order to prevent these attacks from being successful. This is called Threat Modeling. The objective of this paper is to identify existing challenges in this research field and establish the grounds for a credible research activity therefore the researchers present a review of literatures on threat modelling activities overs the years and the subsequent hybrids developed to cater for the weaknesses of the techniques used. It was discovered that software applications suffered from analysis paralysis due to over-specification of security requirements while using hybrid threat modeling techniques. Furthermore, we discuss briefly our proposed approach to using hybrid threat modeling using a set of coherent modeling techniques in tackling a particular security vulnerability plaguing web applications while avoiding analysis paralysis.

Item Type: Article
Uncontrolled Keywords: threat modeling; hybrid threat modeling; SSDL; software security; software vulnerability; web applications
Subjects: T Technology > T Technology (General)
Divisions: Faculty of Computer Science and Information Technology > Department of Software Engineering
Depositing User: Normajihan Abd. Rahman
Date Deposited: 13 Aug 2018 03:39
Last Modified: 13 Aug 2018 03:39
URI: http://eprints.uthm.edu.my/id/eprint/8124
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item