Application Security Threat Modelling Assignment (25%) Due Date: 6th November 2020 @11.59pm

Staying on top of your money and bills can be stressful. You only get paid a few times a month but you’ve got bills coming due all the time. Bill and salary management applications like Prism allow you to manage your money and pay bills on time. Applications such as these allow you to safely pay all of your bills through a single application.

mybillmanager.ie is a new bill and salary management app about to go into development as a direct competitor to applications such as Prism. Your task is to complete an in-depth report on the complete threat modelling process for mybillmanager.ie. Suitable DFDs must be used to identify all data flows, call flows, trust boundaries and attack surfaces. DFDs at different levels are expected to decompose the application and identify threats specific to each component.

The Web application will have the following features:

• Two-factor authentication

• User account pages (showing all transactions)

• Secure funds transfer to pay your bills

• Syncing of account balances to your application

You should follow a threat modelling methodology such as:

https://msdn.microsoft.com/en-us/library/ff648644.aspx

or

https://www.owasp.org/index.php/Threat_Risk_Modeling

Note: If you use a template for your threat modelling, I don’t want you to use the same wording/text as in the template. You MUST apply each section to your specific application.

Deliverable:

• Report on the complete threat modelling process for the application, e.g.,

Step 1. Identify Assets

Step 2. Create an Architecture Overview

Step 3. Decompose the Application

Step 4. Identify the Threats

Step 5. Document the Threats

Step 6. Rate the Threats

Step 7. Suggest mitigation strategies

• You should include screenshots of threat model diagrams (DFDs) in the “Application Decomposition” section and explain them accordingly. What I do not want is an automated report that is produced from the Microsoft Threat Modelling Tool. Anyone submitting this will fail the assignment.

Reference no: EM132069492
