Abstract
Threat analysis of a web application can lead to a wide variety of identified threats. Some of these threats will be very specific to the application; others will be more related to the underlying infrastructural software, such as the web or application servers, the database, the directory server and so forth. This paper analyzes the threats that can be related to the use of web services technology in a web application. It is part of a series of papers, written by different academic teams, that each focus on one particular technological building block for web applications.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Desmet, L., Jacobs, B., Piessens, F., Joosen, W. (2005). Threat Modelling for Web Services Based Web Applications. In: Chadwick, D., Preneel, B. (eds) Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 175. Springer, Boston, MA. https://doi.org/10.1007/0-387-24486-7_10
DOI: https://doi.org/10.1007/0-387-24486-7_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24485-3
Online ISBN: 978-0-387-24486-0
eBook Packages: Computer Science (R0)