Pregled bibliografske jedinice broj: 1234786
Predicting Vulnerabilities in Web Applications Based on Website Security Model
Predicting Vulnerabilities in Web Applications Based on Website Security Model // 2022 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)
Split, Hrvatska: Institute of Electrical and Electronics Engineers (IEEE), 2022. str. 1-6 doi:10.23919/softcom55329.2022.9911436 (predavanje, recenziran, cjeloviti rad (in extenso), znanstveni)
CROSBI ID: 1234786 Za ispravke kontaktirajte CROSBI podršku putem web obrasca
Naslov
Predicting Vulnerabilities in Web Applications
Based on Website Security Model
Autori
Kovačević, Ivan ; Marović, Mihael ; Groš, Stjepan ; Vuković, Marin
Vrsta, podvrsta i kategorija rada
Radovi u zbornicima skupova, cjeloviti rad (in extenso), znanstveni
Izvornik
2022 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)
/ - : Institute of Electrical and Electronics Engineers (IEEE), 2022, 1-6
Skup
30th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2022)
Mjesto i datum
Split, Hrvatska, 22.09.2022. - 24.09.2022
Vrsta sudjelovanja
Predavanje
Vrsta recenzije
Recenziran
Ključne riječi
website security model , website compromise , security features , vulnerability prediction
Sažetak
Web sites and services are probably the most used digital channels today, from ordinary web-sites to cloud services that enable many aspects of our digital lives. Due to the popularity of the web, it is also a very common target of cyber attacks that typically focus either on web application itself or on the underlying server infrastructure. Regarding the highest level of the stack - the web application - there are many available frameworks and content management systems (CMS) for rapid web development, from the ones more oriented to developers (e.g. Spring, Django) to the ones that focus on end users (e.g. Wordpress, Joomla). Typical problem with using a framework or a CMS is the need for constant care of its security, which is done by regular patching of the systems. When going a bit lower towards the web server, one can observe the security related features that might or might not be implemented on the server, such as header security (e.g. cookie related flags, force of encryption etc.). The state of all the mentioned parameters can well be obtained by web crawlers that can browse the web and collect specific information about web applications, sites and servers that run them. In this paper, we propose a model for estimating the possibility of web compromise based on the historical crawler collected data. Due to large amounts of data that can be gathered from the web sites and, especially, indication of compromise of particular web sites, we can determine what factors might lead to a compromise in near future. In this sense, we propose a method for analyzing web site data with respect to known compromises from historical data. We build a model that describes a web site's security state and use the method for estimating how secure the modeled web is and how likely it would become a victim of compromise.
Izvorni jezik
Engleski
POVEZANOST RADA
Ustanove:
Fakultet elektrotehnike i računarstva, Zagreb
