Building Secure Web-Applications Using Threat Model



Sobia Usman 1,*, Humera Niaz 1

1. Computer Science Department, COMSATS Institute of Information Technology, Lahore, Pakistan

* Corresponding author.


Received: 29 Aug. 2017 / Revised: 11 Oct. 2017 / Accepted: 3 Dec. 2017 / Published: 8 Mar. 2018

Index Terms

Threat, vulnerabilities, STRIDE, DREAD, Security Objectives, Threat Modeling


Abstract

Ensuring security in web-based applications is one of the key issues today. The processes of designing and building a web site have changed. As online transactions increase, a corresponding increase in the type and number of attacks on the security of online payment systems has been observed. Commonly used web development methodologies do not treat security as an umbrella activity. Moreover, appropriate threat modeling is not being conducted against web security objectives. What is needed is a comprehensive and simple-to-use web development methodology that caters for security throughout the WDLC for web-based solutions.

Cite This Paper

Sobia Usman, Humera Niaz, "Building Secure Web-Applications Using Threat Model", International Journal of Information Technology and Computer Science (IJITCS), Vol. 10, No. 3, pp. 52-62, 2018. DOI: 10.5815/ijitcs.2018.03.06

