Log In Sign Up

Web Application Weakness Ontology Based on Vulnerability Data

by   Onyeka Ezenwoye, et al.

Web applications are becoming more ubiquitous. All manner of physical devices are now connected and often have a variety of web applications and web-interfaces. This proliferation of web applications has been accompanied by an increase in reported software vulnerabilities. The objective of this analysis of vulnerability data is to understand the current landscape of reported web application flaws. Along those lines, this work reviews ten years (2011 - 2020) of vulnerability data in the National Vulnerability Database. Based on this data, most common web application weaknesses are identified and their profiles presented. A weakness ontology is developed to capture the attributes of these weaknesses. These include their attack method and attack vectors. Also described is the impact of the weaknesses to software quality attributes. Additionally, the technologies that are susceptible to each weakness are presented, they include programming languages, frameworks, communication protocols, and data formats.


page 1

page 2

page 3

page 4


A Historical and Statistical Studyof the Software Vulnerability Landscape

Understanding the landscape of software vulnerabilities is key for devel...

Is the OWASP Top 10 list comprehensive enough for writing secure code?

The OWASP Top 10 is a list that is published by the Open Web Application...

Vulnerability Coverage as an Adequacy Testing Criterion

Mainstream software applications and tools are the configurable platform...

Common Vulnerability Scoring System Prediction based on Open Source Intelligence Information Sources

The number of newly published vulnerabilities is constantly increasing. ...

Robin: A Web Security Tool

Thanks to the advance of technology, all kinds of applications are becom...

Toward Validation of Textual Information Retrieval Techniques for Software Weaknesses

This paper presents a preliminary validation of common textual informati...

Technical Report: Gone in 20 Seconds – Overview of a Password Vulnerability in Siemens HMIs

Siemens produce a range of industrial human machine interface (HMI) scre...