A Hybrid Threat Model for Software Security Requirement Specification - IEEE Conference Publication

Title: A Hybrid Threat Model for Software Security Requirement Specification - IEEE Conference Publication
Publication Type: Book
Year of Publication: 2017
Authors: Ibrahim, Rosziati; Omotunde, Habeeb
ISBN: 978-1-5090-5493-0
Keywords: Collaboration, composability, Human Behavior, human factors, Metrics, Policy-Governed Secure Collaboration, pubcrawl, Resiliency, Scalability, science of security
Abstract

Security is often treated as secondary or a non-functional feature of software, which influences the approach of vendors and developers when describing their products, often in terms of what it can do (Use Cases) or offer customers. However, tides are beginning to change as more experienced customers are beginning to demand more secure and reliable software, giving priority to confidentiality, integrity and privacy while using these applications. This paper presents the MOTH (Modeling Threats with Hybrid Techniques) framework designed to help organizations secure their software assets from attackers in order to prevent any instance of SQL Injection Attacks (SQLIAs). By focusing on the attack vectors and vulnerabilities exploited by the attackers and brainstorming over possible attacks, developers and security experts can better strategize and specify security requirements required to create secure software impervious to SQLIAs. A live web application was considered in this research work as a case study and results obtained from the hybrid models extensively expose the vulnerabilities deep within the application and proposed resolution plans for blocking those security holes exploited by SQLIAs.

URL: http://ieeexplore.ieee.org/document/7885836/
DOI: 10.1109/ICISSEC.2016.7885836
Citation Key: noauthor_hybrid_nodate