A bank serves its clients through a Webserver, which accesses a backend database.

Depending on the client's request, the server sends a SQL query to the database. The

Webserver formats the data retrieved from the database and presents it to the client. The

Systems Administrator of the bank manages the Webserver, while the Financial Manager of the

bank is the owner of the bank database. $[20]$ i$)$ As the Information Security Analyst hired by the

bank, list resources would you want to protect?

ii$)$ Who are the different users and what should be their privileges?

iii$)$ Draw a DFD and mark the attack surfaces $($trust boundaries$)$

iv$)$ Conduct STRIDE threat modeling, find vulnerabilities, and suggest strategies for

mitigation of threats caused by the vulnerabilities.