Security Metrics Model for Web Application Vulnerability Analysis
Abstract
Web pages are now widely used for business transactions worldwide because of their obvious advantage of wider outreach. Business transactions on an unsecured web site expose the parties involved to risks ranging from fraud to loss of integrity and loss of funds. This paper examines the security metrics models available for web application systems and proposes a model for evaluating the security status/posture of web applications for vulnerability analysis. The model extracts vulnerability attributes associated with authentication and authorization features, namely the character count of login parameters in a password, auto-complete status, HyperText Markup Language (HTML) component tags and control buttons, as well as cross-site scripting and Structured Query Language (SQL) injection. The result obtained from the vulnerability attributes of the web page is used to rank the security status of the web page.
Similar resources
Security Metrics Model for Web Page Vulnerability Classification and Ranking
Metrology, the science of measurement, is very important in the development of science and engineering principles if any meaningful progress will be made in these fields. This concept also applies to computer security if decision makers are to rely on judgment based on metrics. Management needs to establish how secured their organizations are, the amount of resources to allocate to various comp...
Relationship between Attack Surface and Vulnerability Density: A Case Study on Apache HTTP Server
Software Security metrics are quantitative measures related to a software system’s level of trustworthiness. They can be used to aid in resource allocation, program planning, risk assessment, and product and service selection. Recently researchers have proposed several software security metrics. Among these are attack surface and vulnerability density. The attack surface measure has been used b...
Security Analysis and Improvement Model for Web-based Applications
Security Analysis and Improvement Model for Web-based Applications. (December 2008) Yong Wang, B.S.; M.S., Anhui Agricultural University, China; M.S., Texas A&M University Co-Chairs of Advisory Committee: Dr. William M. Lively Dr. Dick B. Simmons Today the web has become a major conduit for information. As the World Wide Web’s popularity continues to increase, information security on the web ha...
Can Fault Prediction Models and Metrics be Used for Vulnerability Prediction?
Finding security vulnerabilities requires a different mindset than finding general faults in software: thinking like an attacker. Therefore, security engineers looking to prioritize security inspection and testing efforts may be better served by a prediction model that indicates security vulnerabilities rather than faults. At the same time, faults and vulnerabilities have commonalities that may ...
Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner
Black-box web vulnerability scanners are a popular choice for finding security vulnerabilities in web applications in an automated fashion. These tools operate in a point-and-shoot manner, testing any web application, regardless of the server-side language, for common security vulnerabilities. Unfortunately, black-box tools suffer from a number of limitations, particularly when interacting with c...