• Find People
  • Campus Map
  • PiratePort
  • A-Z
    • About
    • Submit
    • Browse
    • Login
    View Item 
    •   ScholarShip Home
    • Dissertations and Theses
    • Master's Theses
    • View Item
    •   ScholarShip Home
    • Dissertations and Theses
    • Master's Theses
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Browse

    All of The ScholarShipCommunities & CollectionsDateAuthorsTitlesSubjectsTypeDate SubmittedThis CollectionDateAuthorsTitlesSubjectsTypeDate Submitted

    My Account

    Login

    Statistics

    View Google Analytics Statistics

    Threat Modelling and Analysis of Web Application Attacks

    Thumbnail
    View/ Open
    AWOJANA-MASTERSTHESIS-2018.pdf (2.855Mb)

    Show full item record
    Author
    Awojana, Tolulope Bukola
    Abstract
    There has been a rapid growth in the use of the Internet over the years with billions of businesses using it as a means of communication. The World Wide Web has served as the major tool for disseminating information which has resulted into the development of an architecture used in information sharing between remotely connected clients. A web application is a computer program that operates on web technologies and browsers to carry out assignments over the Internet. In designing a secured web application, it is essential to assess and model the viable threats. Threat Modelling is a process used to improve on the application security by pointing out threats and vulnerabilities, outlining mitigation measures to prevent or eliminate the effect of threats in a system. With the constant increase in the number of attacks on web applications, it has become essential to constantly improve on the existing threat models to increase the level of security posture of web applications for proactiveness and strategic goals in operational and application security. In this thesis, three different threat models; STRIDE, Kill Chain and Attack Tree were simulated and analyzed for SQL injection and Cross Site Scripting attacks using the Microsoft SDL threat modelling tool, Trike modelling tool and SeaMonster modelling tool respectively. This study would be useful for future research in developing a new and more efficient threat model based on the existing ones, it would also help organizations determine which of the models used in this research is best suited for the business’ security framework. The objective of this thesis is to analyze the three commonly used models, examining the strengths and weaknesses discovered during the simulation and compare the performances.
    URI
    http://hdl.handle.net/10342/7049
    Subject
     Attacks; Models 
    Date
    2018-12-12
    Citation:
    APA:
    Awojana, Tolulope Bukola. (December 2018). Threat Modelling and Analysis of Web Application Attacks (Master's Thesis, East Carolina University). Retrieved from the Scholarship. (http://hdl.handle.net/10342/7049.)

    Display/Hide MLA, Chicago and APA citation formats.

    MLA:
    Awojana, Tolulope Bukola. Threat Modelling and Analysis of Web Application Attacks. Master's Thesis. East Carolina University, December 2018. The Scholarship. http://hdl.handle.net/10342/7049. April 18, 2021.
    Chicago:
    Awojana, Tolulope Bukola, “Threat Modelling and Analysis of Web Application Attacks” (Master's Thesis., East Carolina University, December 2018).
    AMA:
    Awojana, Tolulope Bukola. Threat Modelling and Analysis of Web Application Attacks [Master's Thesis]. Greenville, NC: East Carolina University; December 2018.
    Collections
    • Master's Theses
    Publisher
    East Carolina University

    xmlui.ArtifactBrowser.ItemViewer.elsevier_entitlement

    East Carolina University has created ScholarShip, a digital archive for the scholarly output of the ECU community.

    • About
    • Contact Us
    • Send Feedback