Risk-driven security testing using risk analysis with threat modeling approach

SpringerPlus, 2014, Vol 3 (1)
Author(s): Maragathavalli Palanivel, Kanmani Selvadurai

2016, Vol 78 (5-7)
Author(s): Prajna Deshanta Ibnugraha, Lukito Edi Nugroho, Widyawan Widyawan, Paulus Insap Santosa

Software is an important thing that enterprises need to support their business. When developers build software, security must be treated as an important element. In bad conditions, security incidents can cause financial loss to an organization, so mitigation actions are needed to minimize risk. Security testing and risk analysis become the base process for choosing a good mitigation method. Implementation of database privileges is one of the mitigation methods that can be used in the case of SQL injection attacks. Based on DREAD analysis, it can decrease the risk of SQL injection attack from a high to a medium ranking.


Author(s): Nishtha Srivastava, Sumeet Gupta, Mayank Mathur

This research work proposes a threat modeling approach for Web 2.0 applications. The authors’ approach is based on applying an informal method of threat modeling for Web 2.0 applications. Traditional enterprises are skeptical about adopting Web 2.0 applications for internal and commercial use in public-facing situations, with customers and partners. One of the prime concerns for this is the lack of security over public networks. Threat modeling is a technique for complete analysis and review of the security aspects of an application. The authors will show why existing threat modeling approaches cannot be applied to Web 2.0 applications, and how their new approach is a simple way of applying threat modeling to Web 2.0 applications.


2016, Vol 95, pp. 495-502
Author(s): Rongjie Yu, Xuesong Wang, Kui Yang, Mohamed Abdel-Aty

2014, Vol 2014, pp. 1-12
Author(s): Maxime Frydman, Guifré Ruiz, Elisa Heymann, Eduardo César, Barton P. Miller

The growth of the internet and networked systems has exposed software to an increased number of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling, two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance.


2019, Vol 9 (5), pp. 4859-4862
Author(s): J. A. Awokola, O. N. Emuoyibofarhe, A. Omotosho, J. O. Emuoyibofarhe, J. O. Mebawondu

The Picture Archiving and Communication System (PACS) used in electronic health is computationally enhanced by the migration into the cloud, which reduces the cost of storage space and equipment. However, cloud-PACS technology is susceptible to threats and vulnerabilities. This paper implements a threat modeling approach on a cloud-PACS framework, using Microsoft Threat Modelling Tools. Security requirements and mitigation strategies were formulated for the implementation of the framework, in order to improve cloud PACS security.

