论文信息 - Cost-Effective and Active Security Verification Framework for Web Application Vulnerabilities

Cost-Effective and Active Security Verification Framework for Web Application Vulnerabilities

Many companies have struggled to manage Web vulnerabilities and security incidents have also frequently happened. The current inspection methods are mainly based on the OWASP vulnerabilities. In practice, however, it is very difficult to cope with frequent changes of Web applications. In this paper, we first investigate the existing quantification of Web application vulnerabilities and verification process. Then we propose an improved inspection framework which is focused on removing essential and realistic vulnerabilities and active verification process.

[1] Sang-Hun Jeon,et al. A Web application vulnerability scoring framework by categorizing vulnerabilities according to privilege acquisition , 2012 .

[2] P. Bowen,et al. Information Security Handbook: A Guide for Managers , 2006 .

[3] Karen Scarfone,et al. Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.