Threat Modelling for Active Directory

This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here

Threat Modelling for Active Directory

Abstract: This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here

A generic architecture for web applications to support threat analysis of infrastructural components

In order to perform a useful threat analysis of a web application platform, some architectural assumptions about such applications must be made. This document describes a generic architecture for typical 3-tier web applications. It serves as the basis for analyzing the threats in the most important infrastructural components in that architecture, presented in the following papers.status: publishe