Web resource security analysis based on CVSS metrics
Based on the analysis of vulnerability data for web resources and the CVSS metric, the distribution of the average CVSS (Common Vulnerability Scoring System standard for calculating a numerical vulnerability score on a ten-point scale) score for the websites of theRepublicofBelaruswas studied. The h...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | Russian |
| Published: |
National Academy of Sciences of Belarus, the United Institute of Informatics Problems
2020-09-01
|
| Series: | Informatika |
| Subjects: | |
| Online Access: | https://inf.grid.by/jour/article/view/1063 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849240215098490880 |
|---|---|
| author | Sh. R. Davlatov P. V. Kuchinsky, |
| author_facet | Sh. R. Davlatov P. V. Kuchinsky, |
| author_sort | Sh. R. Davlatov |
| collection | DOAJ |
| description | Based on the analysis of vulnerability data for web resources and the CVSS metric, the distribution of the average CVSS (Common Vulnerability Scoring System standard for calculating a numerical vulnerability score on a ten-point scale) score for the websites of theRepublicofBelaruswas studied. The hypothesis on the distribution of the CVSS vulnerability assessment according to Poisson's law was tested by chi-square criteria. It was found that about 10% of web resources from the original general of samples of 19000 size have a critical averaged assessment level of vulnerability. As part of this work an universal system for collecting technical information about active web resources on the Internet from public directories and registries has been developed. Specific search templates have been developed using RegExp JavaScript expressions to detect the versions of technologies that were used to create websites. Based on this data the percentage distribution of used technologies, top-level domains and the geographical location of the servers were calculated. Proposed system can be adapted to any unique conditions required by information security specialists to conduct a security audit of web resources. |
| format | Article |
| id | doaj-art-614adafe608a4dccafcd70bc6dbd7817 |
| institution | Kabale University |
| issn | 1816-0301 |
| language | Russian |
| publishDate | 2020-09-01 |
| publisher | National Academy of Sciences of Belarus, the United Institute of Informatics Problems |
| record_format | Article |
| series | Informatika |
| spelling | doaj-art-614adafe608a4dccafcd70bc6dbd78172025-08-20T04:00:40ZrusNational Academy of Sciences of Belarus, the United Institute of Informatics ProblemsInformatika1816-03012020-09-01173727710.37661/1816-0301-2020-17-3-72-77931Web resource security analysis based on CVSS metricsSh. R. Davlatov0P. V. Kuchinsky,1Belarusian State University of Informatics and RadioelectronicsA. N. Sevchenko Institute of Applied Physical Problems of Belarusian State UniversityBased on the analysis of vulnerability data for web resources and the CVSS metric, the distribution of the average CVSS (Common Vulnerability Scoring System standard for calculating a numerical vulnerability score on a ten-point scale) score for the websites of theRepublicofBelaruswas studied. The hypothesis on the distribution of the CVSS vulnerability assessment according to Poisson's law was tested by chi-square criteria. It was found that about 10% of web resources from the original general of samples of 19000 size have a critical averaged assessment level of vulnerability. As part of this work an universal system for collecting technical information about active web resources on the Internet from public directories and registries has been developed. Specific search templates have been developed using RegExp JavaScript expressions to detect the versions of technologies that were used to create websites. Based on this data the percentage distribution of used technologies, top-level domains and the geographical location of the servers were calculated. Proposed system can be adapted to any unique conditions required by information security specialists to conduct a security audit of web resources.https://inf.grid.by/jour/article/view/1063information securitysecurity assessmentwebsiteweb servercvss metricprogramming language javascript |
| spellingShingle | Sh. R. Davlatov P. V. Kuchinsky, Web resource security analysis based on CVSS metrics Informatika information security security assessment website web server cvss metric programming language javascript |
| title | Web resource security analysis based on CVSS metrics |
| title_full | Web resource security analysis based on CVSS metrics |
| title_fullStr | Web resource security analysis based on CVSS metrics |
| title_full_unstemmed | Web resource security analysis based on CVSS metrics |
| title_short | Web resource security analysis based on CVSS metrics |
| title_sort | web resource security analysis based on cvss metrics |
| topic | information security security assessment website web server cvss metric programming language javascript |
| url | https://inf.grid.by/jour/article/view/1063 |
| work_keys_str_mv | AT shrdavlatov webresourcesecurityanalysisbasedoncvssmetrics AT pvkuchinsky webresourcesecurityanalysisbasedoncvssmetrics |