DocumentCode :
3175584
Title :
Quantitative Evaluation of Related Web-Based Vulnerabilities
Author :
Subramanian, Deepak ; Ha Thanh Le ; Loh, Peter Kok Keong ; Premkumar, Annamalai Benjamin
Author_Institution :
Sch. of Comput. Eng., Nanyang Technol. Univ., Singapore, Singapore
fYear :
2010
fDate :
9-11 June 2010
Firstpage :
118
Lastpage :
125
Abstract :
Current web application scanner reports contribute little to diagnosis and remediation when dealing with vulnerabilities that are related or vulnerability variants. We propose a quantitative framework that combines degree of confidence reports pre-computed from various scanners. The output is evaluated and mapped based on derived metrics to appropriate remediation for the detected vulnerabilities and vulnerability variants. The objective is to provide a trusted level of diagnosis and remediation that is appropriate. Examples based on commercial scanners and existing vulnerabilities and variants are used to demonstrate the framework's capability.
Keywords :
Web sites; invasive software; program verification; software performance evaluation; Web application scanner; Web based vulnerability; quantitative evaluation; Application software; Detection algorithms; Phase detection; Quality assurance; Reliability engineering; Risk analysis; Security; Standardization; Terminology; Web services; framework; mapping model; remediation; variant; vulnerability;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Secure Software Integration and Reliability Improvement Companion (SSIRI-C), 2010 Fourth International Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4244-7644-2
Type :
conf
DOI :
10.1109/SSIRI-C.2010.30
Filename :
5521569
Link To Document :