1 Department of Computer Science Engineering, Kent State University, Kent, Ohio, USA.
2 Department of Computer Engineering, Purdue University, Indianapolis, Indiana, USA.
Review Article
World Journal of Advanced Research and Reviews, 2022, 14(03), 853-856
Received on 16 April 2022; revised on 26 June 2022; accepted on 29 June 2022
The rapid evolution of microservices and cloud-native architectures has made Application Programming Interfaces (APIs) a critical backbone for modern software systems. However, this shift also introduces complex security risks due to decentralized ownership, ephemeral service interactions, and increased external exposure. Threat modeling provides a structured and proactive approach to identifying and mitigating these risks before they manifest. This paper proposes a practical and adaptable framework for conducting API-centric threat modeling within microservices environments. It synthesizes established methodologies such as STRIDE and data flow diagrams (DFDs), integrates them with modern DevSecOps and Zero Trust principles, and aligns the framework with agile delivery processes. A real-world case study illustrates the application of this methodology to a Kubernetes-based retail platform, highlighting common risks and corresponding mitigations. The paper concludes with a call for continuous threat modeling, emphasizing its role as a living activity essential to securing distributed systems in 2022 and beyond.
Threat Modeling; API Security; Microservices; Cloud-Native; STRIDE; OWASP; Zero Trust; Security Architecture; DevSecOps; Kubernetes
Preview Article PDF
Ishva Jitendrakumar Kanani and Rashi Nimesh Kumar Dhenia. Threat Modeling for APIs in microservices architectures: A practical framework. World Journal of Advanced Research and Reviews, 2022, 14(3), 853-856. Article DOI: https://doi.org/10.30574/wjarr.2022.14.3.0458