Halit Alptekin, Simge Demir, Şevval Şimşek, Cemal Yilmaz
{"title":"Towards Prioritizing Vulnerability Testing","authors":"Halit Alptekin, Simge Demir, Şevval Şimşek, Cemal Yilmaz","doi":"10.1109/qrs-c51114.2020.00114","DOIUrl":null,"url":null,"abstract":"Vulnerability assessment is the process of identifying and prioritizing the vulnerabilities in a system. Vulnerability scanners can, for example, scan a website for known vulnerabilities by running a repository of security tests, each of which is designed to reveal a known vulnerability. As the security tests need to be executed on each and every web page encountered, it may take quite a while for these scanners to report vulnerabilities. In this work, we present an approach for revealing the vulnerabilities faster by prioritizing the executions of the security tests on a per web page basis. The approach is based on a simple conjecture that “similar” web pages may possess “similar” vulnerabilities and that identifying these similarities can help prioritize the security tests. The results of the experiments we carried out by using 2927 distinct web pages (collected from 80 web sites), support our basic hypothesis; the percentages of the times the actual vulnerabilities appear in the top 8 and 15 predicted vulnerabilities were 86.9% and 98.4%, respectively.","PeriodicalId":358174,"journal":{"name":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","volume":"208 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/qrs-c51114.2020.00114","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
Vulnerability assessment is the process of identifying and prioritizing the vulnerabilities in a system. Vulnerability scanners can, for example, scan a website for known vulnerabilities by running a repository of security tests, each of which is designed to reveal a known vulnerability. As the security tests need to be executed on each and every web page encountered, it may take quite a while for these scanners to report vulnerabilities. In this work, we present an approach for revealing the vulnerabilities faster by prioritizing the executions of the security tests on a per web page basis. The approach is based on a simple conjecture that “similar” web pages may possess “similar” vulnerabilities and that identifying these similarities can help prioritize the security tests. The results of the experiments we carried out by using 2927 distinct web pages (collected from 80 web sites), support our basic hypothesis; the percentages of the times the actual vulnerabilities appear in the top 8 and 15 predicted vulnerabilities were 86.9% and 98.4%, respectively.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
