DeepAI
Log In Sign Up

Web Application Weakness Ontology Based on Vulnerability Data

09/16/2022
by   Onyeka Ezenwoye, et al.
0

Web applications are becoming more ubiquitous. All manner of physical devices are now connected and often have a variety of web applications and web-interfaces. This proliferation of web applications has been accompanied by an increase in reported software vulnerabilities. The objective of this analysis of vulnerability data is to understand the current landscape of reported web application flaws. Along those lines, this work reviews ten years (2011 - 2020) of vulnerability data in the National Vulnerability Database. Based on this data, most common web application weaknesses are identified and their profiles presented. A weakness ontology is developed to capture the attributes of these weaknesses. These include their attack method and attack vectors. Also described is the impact of the weaknesses to software quality attributes. Additionally, the technologies that are susceptible to each weakness are presented, they include programming languages, frameworks, communication protocols, and data formats.

READ FULL TEXT

page 1

page 2

page 3

page 4

02/02/2021

A Historical and Statistical Studyof the Software Vulnerability Landscape

Understanding the landscape of software vulnerabilities is key for devel...
02/26/2020

Is the OWASP Top 10 list comprehensive enough for writing secure code?

The OWASP Top 10 is a list that is published by the Open Web Application...
06/14/2020

Vulnerability Coverage as an Adequacy Testing Criterion

Mainstream software applications and tools are the configurable platform...
10/05/2022

Common Vulnerability Scoring System Prediction based on Open Source Intelligence Information Sources

The number of newly published vulnerabilities is constantly increasing. ...
07/13/2020

Robin: A Web Security Tool

Thanks to the advance of technology, all kinds of applications are becom...
09/05/2018

Toward Validation of Textual Information Retrieval Techniques for Software Weaknesses

This paper presents a preliminary validation of common textual informati...
09/08/2020

Technical Report: Gone in 20 Seconds – Overview of a Password Vulnerability in Siemens HMIs

Siemens produce a range of industrial human machine interface (HMI) scre...