Threat Modelling for SQL Servers
In this paper the authors present the results from an analysis focusing on security threats that can arise against an SQL server when included in Web application environments. The approach used is based on the STRIDE classification methodology. The results presented provide also some general guidelines and countermeasures against the different attacks that can exploit the identified vulnerabilities. In the last few years the use of the Internet has experienced an exponential growth and the World Wide Web has become the main instrument for information sharing. Such trends have pushed the development of a new kind of service architecture, specifically tailored at supporting data sharing among remotely connected clients, which is based on the concept of Web Applications.