Threat Modelling for SQL Servers - Designing a Secure Database in a Web Application

Authors

  • Elisa Bertino
  • Danilo Bruschi
  • Stefano Franzoni
  • Igor Nai Fovino
  • Stefano Valtolina
Abstract

In this paper we present the results from an analysis focusing on security threats that can arise against an SQL server when included in Web application environments. The approach used is based on the STRIDE classification methodology. The results presented provide also some general guidelines and countermeasures against the different attacks that can exploit the identified


Similar resources

Separating indexes from data: a distributed scheme for secure database outsourcing

Database outsourcing is an idea to eliminate the burden of database management from organizations. Since data is a critical asset of organizations, preserving its privacy from outside adversary and untrusted server should be warranted. In this paper, we present a distributed scheme based on storing shares of data on different servers and separating indexes from data on a distinct server. Shamir...


Explorative Study of SQL Injection Attacks and Mechanisms to Secure Web Application Database- A Review

The increasing innovations in web development technologies direct the augmentation of user friendly web applications. With activities like online banking, shopping, booking, trading etc. these applications have become an integral part of everyone’s daily routine. The profit driven online business industry has also acknowledged this growth because a thriving application provides the global platf...


Security Requirements for Implementing a Secure IMS SIP Server

IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...


Threat Modelling for Web Services Based Web Applications

Threat analysis of a web application can lead to a wide variety of identified threats. Some of these threats will be very specific to the application; others will be more related to the underlying infrastructural software, such as the web or application servers, the database, the directory server and so forth. This paper analyzes the threats that can be related to the use of web services techno...


A Role-Based Access Control for Intranet Security

Through its open standards, the Internet set the foundation for the global community and access to resources that millions of computer users enjoy today. The benefits that accrue to the global community from this approach are also available to corporate enterprises through intranets, private information networks that use Internet software and standards but are not accessible from the Internet-...




Publication date: 2004