dc.description.abstract | Legacy enterprise applications provide unique challenges for software security personnel. The
size and historical nature of these systems can result in vulnerabilities that do not have the
appropriate countermeasures in place. Development teams that support these systems can be
unaware of such security weaknesses until they have been exploited by an adversary. By
successfully identifying threats, development teams can put in place the appropriate
mitigations.
This research discusses the practice of Threat Modelling as a systematic approach to identifying
security vulnerabilities in software systems. Although numerous works have been presented on
the subject of Threat Modelling, very little has been published on the unique challenges faced
when Threat Modelling legacy systems. This research presents different Threat Model
methodologies and provides a comparison of leading practices suitable for the Threat
Modelling of large-scale systems. The comparison is based on both theoretical research and the
practical application of two of the most popular Threat Models. This research then offers a
Threat Model case study of a major component of a live commercial legacy enterprise
application. An Irish-based software company has provided access to an existing legacy system
for the purposes of this project: the practical development of a Threat Model and a detailed
analysis of the system. | en |