Application Security Threat Modelling Assignment (25%) Due Date: 6th November 2020 @11.59pm
Staying on top of your money and bills can be stressful. You only get paid a few times a month, but you’ve got bills coming due all the time. Bill and salary management applications like Prism allow you to manage your money and pay bills on time. Applications such as these allow you to safely pay all of your bills through a single application.
mybillmanager.ie is a new bill and salary management app about to go into development as a direct competitor to applications such as Prism. Your task is to complete an in-depth report on the complete threat modelling process for mybillmanager.ie. Suitable DFDs must be used to identify all data flows, call flows, trust boundaries and attack surfaces. DFDs at different levels are expected to decompose the application and identify threats specific to each component.
The Web application will have the following features:
• User account pages (showing all transactions)
• Secure funds transfer to pay your bills
• Syncing of account balances to your application
You should follow a threat modelling methodology such as:
Note: If you use a template for your threat modelling, I don’t want you to use the same wording/ text in the templates. You MUST apply each section to your specific application.
• Report on the complete threat modelling process for the application, e.g.,
Step 1. Identify Assets
Step 2. Create an Architecture Overview
Step 3. Decompose the Application
Step 4. Identify the Threats
Step 5. Document the Threats
Step 6. Rate the Threats
Step 7. Suggest mitigation strategies
• You should include screenshots of threat model diagrams (DFDs) in the “Application Decomposition” section and explain them accordingly. What I do not want is an automated report that is produced from the Microsoft Threat Modelling Tool. Anyone submitting this will fail the assignment.
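As an added illustration of Steps 3 to 6 (not part of the assignment brief, and not a substitute for the written report or the DFD screenshots it asks for), the script below encodes a constructed level-0 DFD of mybillmanager.ie as data, applies the STRIDE-per-element mapping to each element and flow, flags flows that cross a trust boundary, and ranks the threats an analyst has rated with DREAD while listing those still undocumented. The element names, trust zones, flows and DREAD ratings are assumptions made up for the example; a real report would derive them from the application’s own architecture overview.

```python
"""Added example (not from the assignment brief): STRIDE-per-element threat
enumeration plus DREAD rating over a constructed level-0 DFD of mybillmanager.ie.
Every element, zone, flow and rating below is an assumption for illustration."""
from dataclasses import dataclass

# STRIDE-per-element: which threat categories apply to each DFD element type.
STRIDE_BY_TYPE = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"],
    "data_store": ["Tampering", "Repudiation", "Information disclosure", "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external_entity | process | data_store
    zone: str   # trust zone; a flow whose endpoints differ in zone crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

    def crosses_boundary(self) -> bool:
        return self.src.zone != self.dst.zone


@dataclass
class Threat:
    target: str
    category: str
    crosses_boundary: bool  # True only for flows that cross a trust boundary


def build_level0_dfd():
    """Constructed level-0 DFD (Step 3: decompose the application)."""
    user = Element("Customer browser", "external_entity", "internet")
    web = Element("mybillmanager web app", "process", "dmz")
    cache = Element("Session cache", "data_store", "dmz")
    db = Element("Accounts & transactions DB", "data_store", "internal")
    bank = Element("Bank API", "external_entity", "third_party")
    flows = [
        Flow("Login / account page request", user, web),
        Flow("Transaction listing", web, user),
        Flow("Session lookup", web, cache),            # stays inside the dmz zone
        Flow("Account read/write", web, db),
        Flow("Funds transfer instruction", web, bank),
        Flow("Balance sync", bank, web),
    ]
    return [user, web, cache, db, bank], flows


def enumerate_threats(elements, flows):
    """Step 4: one candidate threat per (element, applicable STRIDE category)."""
    threats = []
    for e in elements:
        for cat in STRIDE_BY_TYPE[e.kind]:
            threats.append(Threat(e.name, cat, False))
    for f in flows:
        for cat in STRIDE_BY_TYPE["data_flow"]:
            threats.append(Threat(f"flow: {f.name}", cat, f.crosses_boundary()))
    return threats


def dread_score(damage, reproducibility, exploitability, affected_users, discoverability):
    """Step 6: DREAD as the mean of five 1-10 ratings (higher = more urgent)."""
    parts = (damage, reproducibility, exploitability, affected_users, discoverability)
    if any(not 1 <= v <= 10 for v in parts):
        raise ValueError("each DREAD component must be between 1 and 10")
    return sum(parts) / 5


def rate_threats(threats, ratings):
    """ratings: {(target, category): (D, R, E, A, D)} supplied by the analyst.
    Returns (ranked [(score, threat)], threats still unrated) so Step 5 gaps show up."""
    ranked, unrated = [], []
    for t in threats:
        key = (t.target, t.category)
        if key in ratings:
            ranked.append((dread_score(*ratings[key]), t))
        else:
            unrated.append(t)
    ranked.sort(key=lambda pair: pair[0], reverse=True)
    return ranked, unrated


# Constructed sample ratings, as an analyst would fill in during Step 6.
SAMPLE_RATINGS = {
    ("flow: Funds transfer instruction", "Tampering"): (10, 8, 6, 9, 7),
    ("Customer browser", "Spoofing"): (8, 9, 7, 8, 9),
    ("Accounts & transactions DB", "Information disclosure"): (9, 6, 5, 10, 6),
    ("Session cache", "Denial of service"): (5, 7, 6, 8, 4),
}


def top_threats(n=3):
    elements, flows = build_level0_dfd()
    ranked, _ = rate_threats(enumerate_threats(elements, flows), SAMPLE_RATINGS)
    return [(round(score, 1), t.target, t.category) for score, t in ranked[:n]]


if __name__ == "__main__":
    elements, flows = build_level0_dfd()
    ranked, unrated = rate_threats(enumerate_threats(elements, flows), SAMPLE_RATINGS)
    for score, t in ranked:
        flag = " [crosses trust boundary]" if t.crosses_boundary else ""
        print(f"{score:4.1f}  {t.category:<22} {t.target}{flag}")
    print(f"{len(unrated)} candidate threats still need documenting and rating")
```

Running it ranks the four rated threats and reports how many enumerated candidates have no entry yet, which is the list a reviewer would use to check that Step 5 is complete before the rating table is written up. The boundary-crossing flag is what ties the ranked threats back to the DFD screenshots the brief asks for.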