Threat modeling in application security planning citizen service complaints

Abstract

The mobile-based service complaint application is one way to implement good governance today. Public facilitated to make complaints without going through a complicated process. Security aspects must be considered to protect user privacy. The security design must be considered so that no one is harmed by the application's users damaged in the application's use. This study used threat modeling during the planning stage of developing a citizen service complaint application to obtain information about vulnerabilities. The researcher uses the threat modeling process that the open web application security project (OWASP) organization has formulated as a framework. The researchers took steps to describe application information, determine and rank threats, countermeasures, and mitigation. In the final stage, the spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege (STRIDE) threat modeling methodology is used to analyze and assess mitigation actions against threats in the application. The researcher gets a defense strategy to reduce the danger based on the threat analysis results. Threat modeling in the early phase software development life cycle process is constructive in ensuring that software is developed with adequate security based on threat mitigation from the beginning.