期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2008
卷号:2
期号:3
出版社:SERSC
摘要:This paper presents a unified threat model for assessing threat in web applications. We extend the threat tree model with more semantic and context information about threat to form the new model which is used to analyze and evaluate threat in the software design stage. We utilize historical statistical information contained in this model to design threat mitigation schemes. The threat assessing results and mitigation schemes can be used to direct secure coding and testing. This makes it possible to design threat-resistant web applications by means of detecting and mitigating threat in the early software design stage.