With the popularity of the Internet of Things on the rise, sensor networks have become essential parts of traditional Information and Communication Technology (ICT) infrastructures in a wide variety of applications. However, their increasing complexity, inter-connectivity, and pervasive implementation, exposes these infrastructures to a large variety of security threats. As a result, practical security analysis needs to be performed to evidentiate the possible vulnerable points in IoT infrastructures. In this work we consider a typical architecture of a data aggregation platform with publish-subscribe support composed of interconnected sensor and ICT infrastructures. We present a comprehensive threat analysis by considering the availability, integrity, and confidentiality security... objectives. We describe the experimental results of a case study performed on a real, laboratory-scale implementation of an IoT-based application. Finally, we demonstrate that modern IoT-based software are susceptible to cyber attacks that use traditional attack vectors and recently reported vulnerabilities, e.g., Heartbleed and Shellshock.