Secure deployment of business process services via public networks

Abstract

Modern Business Process Management Systems enable customers to model processes and to design user interfaces without charging expensive IT specialists. To enable them to integrate such a system with their public web applications in the same manner, the upcoming security issues need to be discussed. This thesis provides a collection of identified attack patterns which are related to this scenario. These patterns are enriched with appropriate prevention recommendations. Additional, an abstract analysis method is described to identify a web application firewall configuration to secure the scenario. This analysis method gets exemplary used to identify a web application firewall configuration for a scenario with IBM Business Process Manager v.8.5.0.1 Standard.