earticle

영어

This paper presents a unified threat model for assessing threat in web applications. We extend the threat tree model with more semantic and context information about threat to form the new model which is used to analyze and evaluate threat in the software design stage. We utilize historical statistical information contained in this model to design threat mitigation schemes. The threat assessing results and mitigation schemes can be used to direct secure coding and testing. This makes it possible to design threat-resistant web applications by means of detecting and mitigating threat in the early software design stage.