Search results for "Threat model"
showing 2 items of 2 documents
The security of mobile business applications based on mCRM
2020
A development of mobile technologies, and their common use in business, creates new challenges for people dealing with data security in the organization. This paper explores the types and nature of threats to the enterprise that result from the widespread use of business applications on smartphones (e.g. mobile CRM). The analysis has been focused on smartphones and tablets running on the Android operating system. We used STRIDE - a threat modeling technique commonly used to detect vulnerabilities in software security. We propose its modification to better design and implement solutions for the security of mobile devices. We also used the Data Flow Diagram and the Attack Tree concept to anal…
Towards Practical Cybersecurity Mapping of STRIDE and CWE — a Multi-perspective Approach
2021
Software vulnerabilities are identified during their whole life-cycle; some vulnerabilities may be caused by flaws on the design while other appear due to advances on the technologies around the systems. Frameworks such as OWASP are well- known and are used for testing a systems security before or after implementation, and such testing is carried out against the existing system. Threat modeling however focuses on the early stages of the system design when it is feasible and easy to fix security-related flaws and prevent possible damage caused by them. For example, STRIDE is one very popular threat modeling framework. A STRIDE threat modelling specialist deals with abstract categorizations o…