Abstract
This paper gives a security analysis of Microsoft's ASP.NET technology. The main part of the paper is a list of threats, structured according to an architecture of Web services and attack points. We also give a reverse table of threats against security requirements, as well as a summary of security guidelines for IT developers. This paper has been worked out in collaboration with five university teams, each of which focuses on a different security problem area. We use the same architecture for Web services and attack points.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Grimm, R., Eichstädt, H. (2005). Threat Modelling for ASP.NET. In: Chadwick, D., Preneel, B. (eds) Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 175. Springer, Boston, MA. https://doi.org/10.1007/0-387-24486-7_11
DOI: https://doi.org/10.1007/0-387-24486-7_11
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24485-3
Online ISBN: 978-0-387-24486-0
eBook Packages: Computer Science, Computer Science (R0)