Skip to Main Content
In recent years, web applications have become tremendously popular. However, vulnerabilities are pervasive resulting in exposure of organizations and firms to a wide array of risks. In spite of many tools and techniques, attacks on web application especially through SQL Injection Attacks are at a rise. Threat modeling is an important risk assessment and mitigation practice that provides the capability to secure a web application. A comprehensively designed threat model can provide a better understanding of the risks and help determine the extent of mitigation action. This paper aims to initiate the threat risk model ADMIRE which is a comprehensive, structured and stepwise approach, which would help to identify and mitigate SQL Injections attacks and shield the database lying in the database servers, which may be unauthorizedly accessed for malafide reasons from the web applications.
Date of Conference: 23-25 July 2009