The use of computer-based networks (e.g., Internet-based networks) makes information readily available to many users. Such networks can host multiple applications; however, the applications may be subject to security-related attacks. Security-related attacks have led to increased security measures to protect the information stored in or displayed on these applications. Protected information can include customers' banking information, social security numbers, email passwords, financial reports of organizations, etc.
Typically, the security aspect of an application comes after the software development lifecycle and is not an inherent part of the software development cycle itself. For such network-based applications, security aspects are generally implemented at a later stage. This may result in an inadequate capability to handle various other security threats.
Security of such applications can be implemented by envisioning a threat model that simulates the threat that an application may be subjected to; however, existing threat models are typically realized for single applications and not the entire collection of applications (e.g., programs in a business enterprise). The typical threat management process is a manual process, which involves understanding and maintaining application security on par with the enterprise-level security.