Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications

This paper addresses the problem of assessing risk in web application due to implementation level vulnerabilities. In particular, the authors address the common research challenge of finding enough historical data to compute the probability of vulnerabilities and exploitations. They develop a Fuzzy Logic based System (FLS)1 to compute the risk uniformly and to address the diversity of risks. The authors propose a set of crisp metrics that are used to define fuzzy sets. They also develop a set of rule-bases to assess the risk level. The proposed FLS can be a useful tool to aid application developers and industry practitioners to assess the risk and plan ahead for employing necessary mitigation approaches. The authors evaluate their proposed approach using three real-world web applications implemented in PHP, and apply it to four types of common vulnerabilities. The initial results indicate that the proposed FLS approach can effectively discover high risk applications.

MoreLess

Year of publication:	2016
Authors:	Shahriar, Hossain ; Haddad, Hisham
Published in:	International Journal of Secure Software Engineering (IJSSE). - IGI Global, ISSN 1947-3044, ZDB-ID 2703749-6. - Vol. 7.2016, 2 (01.04.), p. 1-18
Publisher:	IGI Global
Subject:	Code Injection \| Cross-Site Scripting \| Fuzzy Logic System \| Remote File Inclusion \| Risk Assessment \| Session Vulnerablity \| SQL Injection \| Web Security

Online Resource

Check full text access |

More access options

doi.org

Check Google Scholar

In libraries world-wide (WorldCat)

In German libraries (KVK)

subito order

I need help

More details

Type of publication:	Article
Language:	English
Other identifiers:	10.4018/IJSSE.2016040101 [DOI]
Source:	Other ZBW resources

Persistent link: https://www.econbiz.de/10012048071