Security Testing of Web Applications Using Threat Modeling: A Systematic Review

Due to the increasing heterogeneity and complexity of web, testing the web application for security becomes an essential task. The objective of the security testing is to find the vulnerabilities or weaknesses of software applications. As the web software is highly accessible web application vulnerabilities arguably have greater impact than vulnerabilities in other types of software. So the importance of security increases exponentially to restrict the unauthorized access. To address the security issues like confidentiality, integrity, availability etc. early in the software development life cycle we go for security development models that guides the development process. That's why many more studies on security testing have been conducted and various testing techniques have been developed. Threat modeling is one of the important technique for building a secure software which guides the development process by identifying the possible vulnerabilities and threats at the early stages of SDLC. This research paper focus on analyzing the different existing threat modeling techniques for detecting threats used for security testing. An efficient framework for security testing is also drawn for our future work.