STRIDE – Based Risk Assessment for Web Application
This paper proposes a lightweight model as an alternative risk assessment methodology for web applications. The assessment model takes into account not only the threats to the web applications but also the environments in which they are hosted. The STRIDE model is used to identify threats by analyzing the data flows, data stores and processes presented in a data flow diagram. DREAD is then used to calculate the security risk of each threat, and is extended to take into account the criticality of the assets and their application environments.
H. Guan et al., "STRIDE – Based Risk Assessment for Web Application", Applied Mechanics and Materials, Vols. 58-60, pp. 1323-1328, 2011