Threat Modeling Base Case: Online Banking Web Application
Reference scenario used in the Threat Modeling lab for applying STRIDE, DREAD and data flow analysis.
Scenario
A mid-sized bank offers an online banking platform where customers can:
- Log in using a username, password, and optional 2FA code
- View account balances and recent transactions
- Transfer money between accounts or to other banks
- Receive email notifications for transfers or security alerts
System components
- Frontend Web App: A browser-based interface for customers
- Backend API Server: Handles authentication, account data, and transactions
- Database: Stores user profiles, credentials, and transaction history
- Email Service: Sends alerts and notifications
- Admin Portal: Allows bank staff to manage accounts and investigate suspicious activity
Key assumptions
- Customers access the platform via desktop and mobile browsers
- The platform uses HTTPS for transport and JWTs as session tokens, issued at login and presented on every API request
- There is an external payment processor for interbank transfers
- Logging and audit trails exist but are not tamper-proof (relevant to Repudiation threats)
- Attackers may be external (hackers) or internal (disgruntled staff)
Identifiable assets
| Asset | Description |
|---|---|
| User credentials | Login username, hashed passwords, and 2FA secrets |
| Session tokens | JWTs issued at login and presented on each API request; theft or forgery gives account access without the password or 2FA code |
| Transaction records | Logs of all user transactions |
| Account balance information | Sensitive financial data |
| Customer personal details (PII) | Names, addresses, emails, phone numbers |
| Banking APIs | Endpoints for account management and transfers |
Actors
- Customer: End user accessing the system
- Bank Admin: Employee with privileged access to manage accounts
- External Payment Processor: Third-party API for interbank transfers
- Attacker: Could be an external hacker or malicious insider
Entry points
- Web login page
- API endpoints for transactions and account data
- Admin portal login page
- Email notifications (with embedded links): a forged or tampered notification can lead the customer to an attacker-controlled page, so the email channel is an entry point even though the bank is the sender
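The lists above are the raw material for the lab's STRIDE and DREAD steps. The following is an added worked example, not part of the original page: it encodes the components, actors and data flows as a data flow diagram, applies the standard STRIDE-per-element mapping to every element and flow, flags flows that cross a trust boundary, and scores a few of the resulting threats with DREAD. The element and flow names are taken from this page; the trust-zone placement of each component and the sample DREAD ratings are assumptions made for illustration.

```python
"""STRIDE-per-element and DREAD worked over the online banking base case.

Added example for the Threat Modeling lab, not part of the original page.
Element and flow names come from the page's scenario; the trust zones and
the sample DREAD ratings are assumptions made for illustration.
"""
from dataclasses import dataclass

# STRIDE-per-element: which threat categories apply to each DFD element type.
# External entities: Spoofing, Repudiation. Processes: all six. Data stores:
# Tampering, Repudiation, Information disclosure, Denial of service.
# Data flows: Tampering, Information disclosure, Denial of service.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}
STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # key of STRIDE_PER_ELEMENT
    zone: str   # trust zone; assumed placement, the page does not state it


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str   # what travels over the flow


@dataclass(frozen=True)
class Threat:
    target: str              # element name, or "src -> dst (data)" for a flow
    category: str            # one STRIDE letter
    crosses_boundary: bool   # flows only; always False for elements


# DFD elements from the page's component and actor lists (zones are assumed).
ELEMENTS = [
    Element("Customer", "external_entity", "Internet"),
    Element("Bank Admin", "external_entity", "Bank internal"),
    Element("External Payment Processor", "external_entity", "Third party"),
    Element("Frontend Web App", "process", "Bank DMZ"),
    Element("Backend API Server", "process", "Bank core"),
    Element("Admin Portal", "process", "Bank internal"),
    Element("Email Service", "process", "Bank core"),
    Element("Database", "data_store", "Bank core"),
]

# Data flows derived from the scenario and entry-point lists.
FLOWS = [
    Flow("Customer", "Frontend Web App", "credentials + 2FA code"),
    Flow("Frontend Web App", "Backend API Server", "JWT + transfer request"),
    Flow("Backend API Server", "Database", "account and transaction rows"),
    Flow("Backend API Server", "External Payment Processor", "interbank transfer"),
    Flow("Backend API Server", "Email Service", "alert with embedded link"),
    Flow("Email Service", "Customer", "notification email"),
    Flow("Bank Admin", "Admin Portal", "admin credentials"),
    Flow("Admin Portal", "Database", "account management changes"),
]


def enumerate_threats(elements=ELEMENTS, flows=FLOWS):
    """Apply STRIDE-per-element to every element and every data flow.

    Returns one Threat per (target, category). A flow is marked as crossing a
    trust boundary when its endpoints sit in different zones; those flows are
    where the lab focuses first, since an attacker in one zone reaches data
    belonging to another.
    """
    zones = {e.name: e.zone for e in elements}
    threats = []
    for e in elements:
        for letter in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, letter, False))
    for f in flows:
        crosses = zones[f.src] != zones[f.dst]
        for letter in STRIDE_PER_ELEMENT["data_flow"]:
            threats.append(Threat(f"{f.src} -> {f.dst} ({f.data})", letter, crosses))
    return threats


def dread_score(damage, reproducibility, exploitability, affected_users, discoverability):
    """Mean of the five DREAD ratings, each 1..10 (the scale used in the lab).

    Higher means higher priority. Raises ValueError for an out-of-range rating
    so a typo such as 0 or 100 cannot silently skew the ranking.
    """
    ratings = (damage, reproducibility, exploitability, affected_users, discoverability)
    if any(not 1 <= r <= 10 for r in ratings):
        raise ValueError("DREAD ratings must be in 1..10")
    return sum(ratings) / len(ratings)


def prioritised(threats, ratings):
    """Attach DREAD scores to rated threats and sort highest first.

    ratings maps (target, category) to the five DREAD numbers. Unrated threats
    are left out so the result lists only what the team has actually assessed.
    """
    scored = [(dread_score(*ratings[(t.target, t.category)]), t)
              for t in threats if (t.target, t.category) in ratings]
    scored.sort(key=lambda s: s[0], reverse=True)
    return scored


# Illustrative ratings (assumed values, not findings). The Database Repudiation
# entry reflects the page's assumption that audit trails are not tamper-proof.
SAMPLE_RATINGS = {
    ("Customer", "S"): (8, 8, 6, 9, 8),
    ("Frontend Web App -> Backend API Server (JWT + transfer request)", "T"): (9, 7, 5, 8, 6),
    ("Database", "R"): (7, 9, 4, 6, 5),
}

if __name__ == "__main__":
    all_threats = enumerate_threats()
    print(f"{len(all_threats)} candidate threats, "
          f"{sum(t.crosses_boundary for t in all_threats)} on boundary-crossing flows")
    for score, t in prioritised(all_threats, SAMPLE_RATINGS):
        print(f"{score:4.1f}  {STRIDE_NAMES[t.category]:<23} {t.target}")
```

Running the script prints the size of the candidate list and the three rated threats in DREAD order. The candidate list is deliberately exhaustive: STRIDE-per-element is a checklist, and the lab's job is to argue which entries are mitigated (for example, HTTPS against Information disclosure on the browser-to-frontend flow) and to rate the rest. Changing a zone in `ELEMENTS` immediately changes which flows are flagged, which is a quick way to see how much the analysis depends on where the trust boundaries are drawn.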