Group 27

Threat Modelling Connect

Interactive report covering authentication, media uploads, and payment systems.

Objective: Identify risks, assess business impact, propose mitigations.
Focus Areas: Authentication, Media Upload, Payment/Marketplace

1. Introduction

Context, executive summary, objective, scope, and assumptions.

Context

We performed threat modelling on an online multiplayer city-building game and focused on three key areas for in-depth analysis.

Executive Summary

We focused on three high-impact areas: authentication, media uploads, and payment/marketplace. Key risks center around financial loss, abuse of external callbacks, and integrity of user assets and transactions.

Objective

This threat modelling exercise identifies risks in the game's system, assesses their business impact, and provides recommendations for mitigation. Our priorities are:

  • User safety
  • Game integrity and fair play
  • Financial integrity

Scope & Assumptions

  • In scope: internal components modeled in our DFDs (focus areas below).
  • Out of scope: external entities and systems not explicitly modeled (except the listed external payment gateway).
  • Assumptions: Certain protocol and control details are assumed where architecture isn't fully specified.
Assumptions register columns: Assumption | Reason | Security Impact | How to Validate

Business Consideration

This threat modeling exercise supports our business continuity and risk management goals. By addressing threats to authentication, media uploads, and payments, we can:

  • Protect revenue streams by preventing payment fraud, unauthorized refunds, and marketplace manipulation.
  • Maintain user trust by protecting credentials and personal data, preserving our reputation and reducing user churn.
  • Keep the platform safe by blocking malicious content and preventing moderation abuse.
  • Reduce operational costs by minimizing DoS attacks and system abuse that strain infrastructure.
  • Meet compliance requirements like GDPR through proper security controls around user data and privacy.

2. System Overview

General DFD + component DFDs (Auth, Media Upload, Payment).

Key Components (Focus Areas)

  • Authentication Service handles identities, sessions, and tokens
  • Media Upload Service manages user content uploads, scanning, and moderation
  • Payment & Marketplace processes orders, entitlements, refunds, and webhooks

We selected these areas based on their business impact and attack surface.

How to Read This Report

  1. Check the risk matrix to understand priorities
  2. Review data flow diagrams and component details
  3. Explore specific threats using STRIDE
  4. Read through recommended mitigations

3. Risk Matrix


Risk = Impact × Likelihood


4. Data Flow Diagrams

Diagrams (interactive in the original report):

  • General System DFD
  • Media Upload DFD
  • Payment & Marketplace DFD
  • Authentication & Identity DFD

5. Threat Modelling (STRIDE)

Threat table columns: ID | Subsystem | Components Affected | Data Asset | Data Flow | S | T | R | I | D | E | Threat Name | Threat Description | Possible Impact | Likelihood Score | Impact Score

6. Remediations & Mitigations

Browse by subsystem, analyse controls, or view mitigation coverage & ROI.
