A thesis presenting the new wave of modeling threats for web applications focusing on the important security problems they face. Locating them on the Microsoft We Rock 24/7 architecture by using the STRIDE threat model, I will elaborate on the exercise by discussing the OWASP Top 10 Web application security vulnerabilities.