• DocumentCode
    3175584
  • Title

    Quantitative Evaluation of Related Web-Based Vulnerabilities

  • Author

    Subramanian, Deepak ; Ha Thanh Le ; Loh, Peter Kok Keong ; Premkumar, Annamalai Benjamin

  • Author_Institution
    Sch. of Comput. Eng., Nanyang Technol. Univ., Singapore, Singapore
  • fYear
    2010
  • fDate
    9-11 June 2010
  • Firstpage
    118
  • Lastpage
    125
  • Abstract
    Current web application scanner reports contribute little to diagnosis and remediation when dealing with vulnerabilities that are related or vulnerability variants. We propose a quantitative framework that combines degree of confidence reports pre-computed from various scanners. The output is evaluated and mapped based on derived metrics to appropriate remediation for the detected vulnerabilities and vulnerability variants. The objective is to provide a trusted level of diagnosis and remediation that is appropriate. Examples based on commercial scanners and existing vulnerabilities and variants are used to demonstrate the framework's capability.
  • Keywords
    Web sites; invasive software; program verification; software performance evaluation; Web application scanner; Web based vulnerability; quantitative evaluation; Application software; Detection algorithms; Phase detection; Quality assurance; Reliability engineering; Risk analysis; Security; Standardization; Terminology; Web services; framework; mapping model; remediation; variant; vulnerability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Secure Software Integration and Reliability Improvement Companion (SSIRI-C), 2010 Fourth International Conference on
  • Conference_Location
    Singapore
  • Print_ISBN
    978-1-4244-7644-2
  • Type

    conf

  • DOI
    10.1109/SSIRI-C.2010.30
  • Filename
    5521569