Develop a web application using the Microsoft Threat Modeling Tool
Project Abstract
Threat modeling, a cornerstone practice in software security, plays a vital role in proactively identifying and mitigating potential risks to systems and data. Building upon the established principle of anticipating threats, contemporary threat modeling techniques like STRIDE provide structured methodologies for comprehending and addressing security vulnerabilities. This project applies threat modeling to web applications, using the Microsoft Threat Modeling Tool (MTMT) together with the STRIDE technique. By systematically examining the system from an adversarial perspective, the project identifies, categorizes, and prioritizes potential threats. Once threats are identified, robust mitigation strategies are implemented to address them, with the aim of elevating the overall security posture of the web application. A key emphasis of the project is the early integration of security considerations throughout the Software Development Life Cycle (SDLC). This proactive approach facilitates the early detection of vulnerabilities, leading to significant cost savings in the long run. Furthermore, by fostering collaboration among diverse organizational stakeholders and incorporating continuous reassessment practices, the project endeavors to bolster product quality, minimize attack surfaces, and ensure effective prioritization of cybersecurity efforts. The project concludes with a rigorous validation phase, in which the threat model is adjusted and enhanced to guarantee alignment with industry-leading security best practices and the successful mitigation of potential risks.
Keywords: Threat Modeling, Web Applications, STRIDE Technique
Conference Details
Session: Presentation Stream 31 at Presentation Slot 4
Location: GH018 on Wednesday 8th, 13:30 – 17:00
Markers: Gregory Cheng, Ehinafa Akinola (GTA)
Course: MSc Computer Science, Masters PG
Future Plans: I’m looking for an industry placement