As e-commerce becomes more mainstream and an important part of business operations, e-commerce security has become more important. Determining the threats to, and weaknesses of, a web service or other application-based system is important to a business that provides the service. By analyzing and dealing with potential threats, system designers may help prevent attacks against a web service and other service failures. Mitigating service threats provides for a more secure and safe environment in which business customers may conduct business.
Typically, threat modeling involves a team of designers that “brainstorm” to identify perceived vulnerabilities and other weaknesses of a system. Though this method may catch several vulnerabilities of a system, it is susceptible to human error and does not provide a standard methodology for eliminating system threats.
Some threat modeling methods have been implemented to identify system threats. However, most modeling methods have had inconsistent success. In particular, some threat modeling systems produce an attack model rather than an actual threat model. Other systems are too general, and often use a threat model of a physical process or a general implementation of a software application. This generalization can affect modeling usability because of a lack of focus from the consumer's perspective.