Improving Web Application Security: Threats and Countermeasures
For additional related reading, see the following resources:
- For information on attack patterns, see "Attack Modeling for Information Security and Survivability," by Andrew P. Moore, Robert J. Ellison, and Richard C. Linger at http://www.cert.org/archive/pdf/01tn001.pdf
- For information on evaluating threats, assets, and vulnerabilities, see "Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0" on the Carnegie Mellon Software Engineering Institute Web site at http://www.sei.cmu.edu/publications/documents/99.reports/99tr017/99tr017figures.html
- For a walkthrough of threat modeling, see "Architect WebCast: Using Threat Models to Design Secure Solutions" at http://www.microsoft.com/usa/webcasts/ondemand/1617.asp
- For more information on creating DFDs, see Writing Secure Code, Second Edition, by Michael Howard and David C. LeBlanc.