[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Enabling Dynamic Vulnerability Assessment for Multi-web Application Using Executable Directed Acyclic Graph

  • Conference paper
  • First Online:
Advanced Information Networking and Applications (AINA 2024)

Abstract

Implementing vulnerability assessment (VA) and penetration testing is one of the crucial methods to evaluate the security of web applications. The VA and Pentest results can be used to assess the present vulnerability of the system to help improve effective and up-to-date controls. However, using such static results for vulnerability analysis may not reflect the real situation of the organization’s security policy. In addition, the integration of VA results and adaptive vulnerability calculation of vulnerabilities found in web applications are not provided by existing VA tools. Essentially, a dynamic, and interactive vulnerability assessment system for web applications is crucial due to the dynamic nature of modern web applications causing the possible new threat landscapes. In this paper, we introduce DyVAM (Dynamic Vulnerability Assessment for Multi-Web Applications), a system that integrates OWASP ZAP results and Directed Acyclic Graphs (DAGs) for supporting interactive vulnerability analysis. Our proposed system also incorporates organizational policies into the vulnerability calculation to enable a more actionable and pertinent vulnerability assessment result. Finally, we conducted the experiments to substantiate the efficiency and practicality of our proposed system. The results demonstrate that DyVAM, when implemented with our proposed multi-threading approach, significantly improves processing speed compared to traditional processing.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 139.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 199.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Makino, Y., Klyuev, V.: Evaluation of web vulnerability scanners. In: 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), vol. 1, pp. 399–402. IEEE (2015)

    Google Scholar 

  2. Houmb, S.H., Franqueira, V.N., Engum, E.A.: Quantifying security risk level from cvss estimates of frequency and impact. J. Syst. Softw. 83(9), 1622–1634 (2010)

    Article  Google Scholar 

  3. Sethapanee, A., Nimitrchai, T., Fugkeaw, S.: Autorat: automated risk assessment tool for network mapper scanning. In: Meesad, P., Sodsee, S., Jitsakul, W., Tangwannawit, S. (eds.) IC2IT 2022. LNNS, vol. 453, pp. 99–110. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99948-3_10

    Chapter  Google Scholar 

  4. Prostov, A., Amfiteatrova, S.S., Butakova, N.G.: Construction and security analysis of private directed acyclic graph based systems for internet of things. In: 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus), St. Petersburg, Moscow, Russia, pp. 2394–2398 (2021)

    Google Scholar 

  5. Lathifah, F.B.A., Rosidah, A., et al.: Security vulnerability analysis of the sharia crowdfunding website using owasp-zap. In: 2022 10th International Conference on Cyber and IT Service Management (CITSM), pp. 1–5. IEEE (2022)

    Google Scholar 

  6. Cahyani, D.D., Dewi, L.P.W.P., Suryadi, K.D.R., Listartha, I.M.E.: Analisis kerentanan website smp negeri 3 semarapura menggunakan metode pengujian rate limiting dan owasp. INSERT: Inf. Syst. Emerg. Technol. J. 2(2), 106–112 (2021)

    Google Scholar 

  7. Huang, L., Chen, X., Lai, X.: Computer network vulnerability assessment and safety evaluation application based on bayesian theory. Int. J. Secur. Appl. 10(12), 359–368 (2016)

    Google Scholar 

  8. Gu, H., et al.: Diava: a traffic-based framework for detection of SQL injection attacks and vulnerability analysis of leaked data. IEEE Trans. Reliab. 69(1), 188–202 (2019)

    Article  Google Scholar 

  9. Rahkema, K., Pfahl, D.: Swiftdependencychecker: detecting vulnerable dependencies declared through cocoapods, carthage and swift pm. In: Proceedings of the 9th IEEE/ACM International Conference on Mobile Software Engineering and Systems, pp. 107–111 (2022)

    Google Scholar 

  10. Humayun, M., Niazi, M., Jhanjhi, N., Alshayeb, M., Mahmood, S.: Cyber security threats and vulnerabilities: a systematic mapping study. Arab. J. Sci. Eng. 45, 3171–3189 (2020)

    Article  Google Scholar 

  11. [Online]. Available: https://vuldb.com/

  12. Kai, S., Zheng, J., Shi, F., Lu, Z.: A CVSS-based vulnerability assessment method for reducing scoring error. In: 2021 2nd International Conference on Electronics, Communications and Information Technology (2021)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Somchart Fugkeaw .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lapmoon, J., Kosolsriwiwat, T., Jiraporn, S., Fugkeaw, S. (2024). Enabling Dynamic Vulnerability Assessment for Multi-web Application Using Executable Directed Acyclic Graph. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 200. Springer, Cham. https://doi.org/10.1007/978-3-031-57853-3_2

Download citation

Publish with us

Policies and ethics