Title: A review of threat modeling and its hybrid approaches to software security testing
Authors: Habeeb Omotunde, Rosziati Ibrahim
Journal: ARPN Journal of Engineering and Applied Sciences
Publisher: Khyber Medical College, Peshawar
Country: Pakistan
Year: 2015
Volume: 10
Issue: 23
Language: English
As organizations seek to fulfill their objectives in the 21st century, they have come to depend heavily on reliable and secure software as a core organizational asset for achieving their goals. Irrespective of the size, nature or sector of these firms, securing the software asset has gained momentum given major software security issues in the form of incessant cyber-attacks on sensitive and confidential data, which could bring huge losses to both the organization and its customers. A critical approach to defending the organization’s software infrastructure is anticipating the nature of the exploits from the attacker’s perspective before they occur and strategizing mitigation plans in order to prevent these attacks from being successful. This is called threat modeling. The objective of this paper is to identify existing challenges in this research field and establish the grounds for a credible research activity. The researchers therefore present a review of the literature on threat modeling activities over the years and the subsequent hybrids developed to cater for the weaknesses of the techniques used. It was discovered that software applications suffered from analysis paralysis due to over-specification of security requirements while using hybrid threat modeling techniques. Furthermore, we briefly discuss our proposed approach to hybrid threat modeling, which uses a set of coherent modeling techniques to tackle a particular security vulnerability plaguing web applications while avoiding analysis paralysis.