Towards prioritizing vulnerability testing


Alptekin, Halit and Demir, Simge and Şimşek, Şevval and Yılmaz, Cemal (2020) Towards prioritizing vulnerability testing. In: International Conference on Software Quality, Reliability and Security, Macau, China

This is the latest version of this item.


Official URL: http://dx.doi.org/10.1109/QRS-C51114.2020.00114


Vulnerability assessment is the process of identifying and prioritizing the vulnerabilities in a system. Vulnerability scanners can, for example, scan a website for known vulnerabilities by running a repository of security tests, each of which is designed to reveal a known vulnerability. Because the security tests need to be executed on every web page encountered, it may take quite a while for these scanners to report vulnerabilities. In this work, we present an approach for revealing vulnerabilities faster by prioritizing the execution of the security tests on a per-web-page basis. The approach is based on a simple conjecture that 'similar' web pages may possess 'similar' vulnerabilities and that identifying these similarities can help prioritize the security tests. The results of the experiments we carried out using 2927 distinct web pages (collected from 80 web sites) support our basic hypothesis: the actual vulnerabilities appeared in the top 8 and top 15 predicted vulnerabilities 86.9% and 98.4% of the time, respectively.

Item Type: Papers in Conference Proceedings
Uncontrolled Keywords: automated testing; test prioritization; vulnerability analysis; vulnerability prioritization
Subjects: Q Science > Q Science (General)
ID Code: 42042
Deposited By: Cemal Yılmaz
Deposited On: 26 Aug 2021 17:45
Last Modified: 31 Aug 2021 00:44
