Web resource security analysis based on CVSS metrics
Based on the analysis of vulnerability data for web resources and the CVSS metric, the distribution of the average CVSS (Common Vulnerability Scoring System standard for calculating a numerical vulnerability score on a ten-point scale) score for the websites of theRepublicofBelaruswas studied. The h...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | Russian |
| Published: |
National Academy of Sciences of Belarus, the United Institute of Informatics Problems
2020-09-01
|
| Series: | Informatika |
| Subjects: | |
| Online Access: | https://inf.grid.by/jour/article/view/1063 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Based on the analysis of vulnerability data for web resources and the CVSS metric, the distribution of the average CVSS (Common Vulnerability Scoring System standard for calculating a numerical vulnerability score on a ten-point scale) score for the websites of theRepublicofBelaruswas studied. The hypothesis on the distribution of the CVSS vulnerability assessment according to Poisson's law was tested by chi-square criteria. It was found that about 10% of web resources from the original general of samples of 19000 size have a critical averaged assessment level of vulnerability. As part of this work an universal system for collecting technical information about active web resources on the Internet from public directories and registries has been developed. Specific search templates have been developed using RegExp JavaScript expressions to detect the versions of technologies that were used to create websites. Based on this data the percentage distribution of used technologies, top-level domains and the geographical location of the servers were calculated. Proposed system can be adapted to any unique conditions required by information security specialists to conduct a security audit of web resources. |
|---|---|
| ISSN: | 1816-0301 |