Web application security - the fast guide 1.1 | Page 50
Chapter 3 - Vulnerabilities and threat models
3.3 Threats and vulnerabilities models - IIMF
IIMF is a known method for categorizing threats. The acronym is formed from
the first letters of the following categories:
1- Interruption: intercepting and preventing access to information, or denial
of the service.
2- Interception: capturing information such as network traffic or any
confidential information.
3- Modification: altering captured information, such as a network packet's
source or content like a user name.
4- Fabrication: spoofing an identity or relaying altered information.
Figure 21: IIMF model (panels: Normal flow, Interruption, Interception, Fabrication)
3.4 Threats and vulnerabilities models - CIA
Where IIMF focuses on the threat itself, the CIA method approaches it from the
perspective of the system's aspects, where (C) represents Confidentiality, (I)
represents Integrity and (A) represents Availability.
3.4.1 Confidentiality:
The application focuses on preventing any disclosure of private or important
information that can represent an asset or that might be used to compromise an
asset.
Confidentiality is mainly achieved through cryptography, authorization and
authentication techniques.