Welcome to the InfoSci Platform
Reference Hub6
An Alternative Threat Model-based Approach for Security Testing

An Alternative Threat Model-based Approach for Security Testing

Bouchaib Falah, Mohammed Akour, Samia Oukemeni
Copyright: © 2015 |Volume: 6 |Issue: 3 |Pages: 15
ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466678675|DOI: 10.4018/IJSSE.2015070103
Cite Article Cite Article

MLA

Falah, Bouchaib, et al. "An Alternative Threat Model-based Approach for Security Testing." IJSSE vol.6, no.3 2015: pp.50-64. http://doi.org/10.4018/IJSSE.2015070103

APA

Falah, B., Akour, M., & Oukemeni, S. (2015). An Alternative Threat Model-based Approach for Security Testing. International Journal of Secure Software Engineering (IJSSE), 6(3), 50-64. http://doi.org/10.4018/IJSSE.2015070103

Chicago

Falah, Bouchaib, Mohammed Akour, and Samia Oukemeni. "An Alternative Threat Model-based Approach for Security Testing," International Journal of Secure Software Engineering (IJSSE) 6, no.3: 50-64. http://doi.org/10.4018/IJSSE.2015070103

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

In modern interaction, web applications has gained more and more popularity, which leads to a significate growth of exposure to malicious users and vulnerability attacks. This causes organizations and companies to lose valuable information and suffer from bad reputation. One of the effective mitigation practices is to perform security testing against the application before release it to the market. This solution won't protect web application 100% but it will test the application against malicious codes and reduce the high number of potential attacks on web application. One of known security testing approach is threat modeling, which provides an efficient technique to identify threats that can compromise system security. The authors proposed method, in this paper, focuses on improving the effectiveness of the categorization of threats by using Open 10 Web Application Security Project's (OWASP) that are the most critical web application security risks in generating threat trees in order to cover widely known security attacks.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.