Title :
Benchmarking the Security of Web Serving Systems Based on Known Vulnerabilities
Author :
Mendes, Naaliel ; Duraes, Joao ; Madeira, Henrique
Author_Institution :
Dept. of Inf. Eng., Univ. of Coimbra, Coimbra, Portugal
Abstract :
This paper proposes a methodology and a tool to evaluate the security risk incurred when using software components or systems. The risk is estimated from the known vulnerabilities present in the software components. An automated tool extracts and aggregates information on vulnerabilities reported by users and available in public databases (e.g., OSVDB and NVD). This tool generates comprehensive reports covering vulnerability type frequency, severity, exploitability, impact, and so on, and extracts correlations between aspects such as impact and representativeness, making it possible to identify, for example, the typical and the worst impact of a given vulnerability. When applied to systems within the same class, the proposed methodology enables buyers and system integrators to identify which system or component presents the lowest security risk, helping them select which system to use. The paper includes a case study demonstrating the usefulness of the methodology and the tool.
Keywords :
Web services; file servers; security of data; Web serving system security; known vulnerabilities; vulnerability exploitability; vulnerability impact; vulnerability severity; vulnerability type frequency; Benchmark testing; Data mining; Databases; Equations; Proposals; Security; Software; CVSS; security benchmark; security risk; software vulnerabilities; vulnerabilities databases; vulnerability analysis;
Conference_Title :
Dependable Computing (LADC), 2011 5th Latin-American Symposium on
Conference_Location :
Sao Jose dos Campos
Print_ISBN :
978-1-4244-9700-3
Electronic_ISBN :
978-0-7695-4320-8
DOI :
10.1109/LADC.2011.14