Research On Threat Modeling And Threat Relief For E-commerce Software

With the development of the Internet,online shopping has become the mainstream of the society,as one of the most common software at present,e-commerce software has been integrated into daily life.However,there are a lot of threats in the e-commerce software designed according to the traditional e-commerce software development process.It takes a lot of time to repair the software security in the late stage of the software completion.Therefore,this topic puts forward the threat modeling and threat relief solutions for e-commerce software,which has practical significance for enhancing the security of e-commerce software.First,it analyzes the current security situation of e-commerce software and the research status of threat modeling at home and abroad,and summarizes some existing problems in the research of e-commerce software security and threat modeling.Describes the top ten common threats in the current software,explains the use of threat modeling STRIDE model and DREAD model,introduces the basic working mode of SSL network communication protocol and SET secure transaction protocol.Secondly,combining the e-commerce software development process with threat modeling,a process model of e-commerce software threat modeling is proposed,the basic composition and working mode of the model are described,and the specific steps included in the model are given.Content and safety goals.Based on this model,the threat modeling of common functional modules of e-commerce software is designed.Thirdly,in order to mitigate the threats discovered by the threat modeling of e-commerce software,the mending solutions of the threats of each functional module are designed,and the use technology and design process of the mending solutions are given.Finally,the threat modeling of e-commerce software is applied to the actual development process,the realization result of the threat relief solution is given,and the function test is carried out.It simulates the common threat attack methods such as malicious registration and fake orders,and examines the security of the software from multiple angles,which shows the practicality of the threat modeling of e-commerce software and the feasibility of the threat relief solution.