ABSTRACT

A large percentage of security holes are created during the development process, and these holes are quickly becoming the attacker’s target of choice to gain access to sensitive information and servers. One key step in the development process that companies often fail to perform is threat analysis. One popular threat-analysis approach is the STRIDE model. STRIDE is an analysis tool designed to categorize application threats. Once the threats are identified, people can take steps to mitigate, remove, or transfer the risk associated with each threat. Spoofing identity occurs when a user poses as another user to access an application. Repudiation threats are instances in which a user can deny performing a specific action and the other party has no means of disproving this statement. Although general application development is important, the growth of Web applications and their vulnerabilities is rapidly making these applications targets of choice. Secure coding is one of many components needed to develop a secure Web application.