STRIDE-Based Risk Assessment for Web Application

Abstract:

This paper proposes a lightweight model as an alternative methodology of risk assessment for web applications. The assessment model presented in this paper takes into account not only the threats to the web applications but also the environments where they are hosted. The STRIDE model is used to identify threats by analysing the data flows, data stores and processes presented in the data flow diagram. Moreover, DREAD is used to calculate the security risk of each threat, extended with consideration of the assets' criticalities and their application environments.
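As an added example that is not part of the paper, the following Python sketch shows the two stages the abstract describes: STRIDE threat enumeration per data flow diagram element type, followed by DREAD scoring of each identified threat. The STRIDE-per-element chart and the DREAD mean are the standard Microsoft definitions; the scaling by asset criticality and environment weight, the sample elements and DREAD ratings, and all names are assumptions constructed for this example, since the paper's own extension formula is not given in the preview.

```python
"""Added example: STRIDE enumeration over DFD elements, DREAD scoring, and an
assumed criticality/environment extension (not the paper's own formula)."""
from dataclasses import dataclass
from enum import Enum


class ElementKind(Enum):
    EXTERNAL_ENTITY = "external entity"
    PROCESS = "process"
    DATA_STORE = "data store"
    DATA_FLOW = "data flow"


# Standard STRIDE-per-element chart: which threat classes apply to which
# DFD element type (Microsoft threat modelling convention).
STRIDE_PER_ELEMENT = {
    ElementKind.EXTERNAL_ENTITY: "SR",
    ElementKind.PROCESS: "STRIDE",
    ElementKind.DATA_STORE: "TRID",
    ElementKind.DATA_FLOW: "TID",
}

STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: ElementKind
    criticality: int    # assumed scale: 1 (low) .. 5 (critical asset)
    environment: float  # assumed weight: 1.0 internal, 1.5 internet-facing


@dataclass(frozen=True)
class Dread:
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        for value in (self.damage, self.reproducibility, self.exploitability,
                      self.affected_users, self.discoverability):
            if not 1 <= value <= 10:
                raise ValueError(f"DREAD factor out of range: {value}")

    def score(self) -> float:
        """Classic DREAD risk: mean of the five factors, each rated 1..10."""
        return (self.damage + self.reproducibility + self.exploitability
                + self.affected_users + self.discoverability) / 5


def enumerate_threats(elements):
    """Apply the STRIDE-per-element chart to every DFD element."""
    return [(element, STRIDE_NAMES[code])
            for element in elements
            for code in STRIDE_PER_ELEMENT[element.kind]]


def extended_risk(dread: Dread, element: Element) -> float:
    """Assumed extension: DREAD mean scaled by normalised asset criticality
    and by the weight of the environment hosting the element."""
    return round(dread.score() * (element.criticality / 5) * element.environment, 2)


def rank_threats(assessments):
    """assessments: (element, threat name, Dread) triples.
    Returns (element name, threat, extended risk), highest risk first."""
    ranked = [(element.name, threat, extended_risk(dread, element))
              for element, threat, dread in assessments]
    return sorted(ranked, key=lambda row: row[2], reverse=True)


# Constructed sample DFD fragment for a small web application.
LOGIN = Element("Login handler", ElementKind.PROCESS, 5, 1.5)
CONFIG_DB = Element("Config store", ElementKind.DATA_STORE, 2, 1.0)
BROWSER = Element("Browser user", ElementKind.EXTERNAL_ENTITY, 3, 1.5)
SESSION_FLOW = Element("Session cookie flow", ElementKind.DATA_FLOW, 4, 1.5)
SAMPLE_ELEMENTS = [LOGIN, CONFIG_DB, BROWSER, SESSION_FLOW]

# Constructed DREAD ratings for three of the enumerated threats.
SAMPLE_ASSESSMENTS = [
    (LOGIN, "Spoofing", Dread(8, 8, 7, 9, 8)),
    (CONFIG_DB, "Tampering", Dread(6, 5, 4, 3, 2)),
    (SESSION_FLOW, "Information disclosure", Dread(7, 9, 8, 9, 7)),
]

if __name__ == "__main__":
    for element, threat in enumerate_threats(SAMPLE_ELEMENTS):
        print(f"{element.kind.value:16} {element.name:20} {threat}")
    for name, threat, risk in rank_threats(SAMPLE_ASSESSMENTS):
        print(f"{risk:5.2f}  {name}: {threat}")
```

Running the script lists the fifteen candidate threats the chart yields for the four sample elements and then ranks the three rated ones; the internet-facing, high-criticality login handler outranks the internal configuration store even though the DREAD factors alone would already order them the same way, which is the point of weighting by asset and environment rather than by threat severity only.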

Pages: 1323-1328

Online since: June 2011

Copyright: © 2011 Trans Tech Publications Ltd. All Rights Reserved
