Java Reference
In-Depth Information
table 6.3
threat Proiles for Panthera's e-Commerce Application
Threat
Access
Threat
Description
Threat
Motive
Threat
Outcome
Asset Name
Threat Actor
Customer
information
(name,
address,
email,
telephone)
Malicious
application
user
Over the
Internet—
Human
actor using
network
access
Attacker can
use the user
accounts of
other
legitimate
users of the
application
Deliberate
Loss of
conidentiality
of customer
information
Customer
credit card
information
(PAN and
CVV2)
Application
user, external
attacker,
malicious
insider
Over the
Internet—
Human
actor with
network
access
Attacker may
gain access to
customer
credit card
information
either during
storage or
during
transmission
Deliberate
Loss of
conidentiality
of customer
credit card
information
Inventory
information
Application
administrative
user
Over the
Internet
Employee may
modify or
destroy
inventory
information,
which may
cause losses to
Panthera
Deliberate
and
accidental
Loss of
integrity and
availability of
inventory
information
Gift card
information
Attacker
Over the
Internet
Attacker may
gain access to
gift card
information
stored in the
database,
which, if
disclosed, can
result in
millions of
dollars of loss
to Panthera
Deliberate
Loss of
conidentiality
of gift card
information
—
continued
Search WWH ::
Custom Search