This paper looks at some of the information security challenges of Web based Open Source applications through a case study of the Sage Notebook application.

Considering the core underlying issues of open source and web based applications, predominately the fact that the source code of the application is exposed to any potential attacker, the paper investigates methodologies to examine and improve upon the security of such applications.

The Sage Notebook application provides some unique information security challenges, both in terms of analysis and mitigation. The paper uses a structured threat modelling process based on industry methodologies to identify threats and vulnerabilities to both the Sage open source development process and the application itself. It rates the discovered threats and suggests several mitigation options to consider.

The paper analyses the ndings, focusing on several architectural and design mitigation options, and investigates some of the technologies and tools to address the discovered threats and vulnerabilities most eectively. It covers generic open source and web based security challenges as well as issues aecting cloud computing, software as a service, virtualisation, process isolation and containments and others.