Towards prioritizing vulnerability testing

Alptekin, Halit and Demir, Simge and Şimşek, Şevval and Yılmaz, Cemal (2020) Towards prioritizing vulnerability testing. In: 20th IEEE International Conference on Software Quality, Reliability, and Security, QRS 2020, Macau, China


PDF (Open Access): QRS-20-VulnerabilityTesting.pdf (156kB)

Abstract

Vulnerability assessment is the process of identifying and prioritizing the vulnerabilities in a system. Vulnerability scanners can, for example, scan a website for known vulnerabilities by running a repository of security tests, each of which is designed to reveal a known vulnerability. As the security tests need to be executed on each and every web page encountered, it may take quite a while for these scanners to report vulnerabilities. In this work, we present an approach for revealing the vulnerabilities faster by prioritizing the executions of the security tests on a per web page basis. The approach is based on a simple conjecture that 'similar' web pages may possess 'similar' vulnerabilities and that identifying these similarities can help prioritize the security tests. The results of the experiments we carried out by using 2927 distinct web pages (collected from 80 web sites), support our basic hypothesis; the percentages of the times the actual vulnerabilities appear in the top 8 and 15 predicted vulnerabilities were 86.9% and 98.4%, respectively.
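The mechanism the abstract describes (rank a page's security tests by what fired on similar pages, then measure how often the true vulnerabilities land in the top N) can be shown on a small constructed corpus. The code below is an added illustration, not the authors' implementation: this page does not say how the paper represents pages or measures similarity, so the feature sets (URL path tokens, parameter names, form method), Jaccard similarity, the k-nearest-neighbour vote and the hypothetical test names are all assumptions chosen to make the idea concrete. The page families in the corpus share vulnerabilities by construction; one deliberate singleton (an open-redirect page unlike any other) shows the failure mode of the conjecture.

```python
"""Similarity-based prioritization of per-page security tests (toy model).

Added example, not the paper's code. Features, similarity measure, the
k-NN vote and the test catalogue below are assumptions made for the demo.
"""
from collections import defaultdict

# Constructed training corpus: pages that were already scanned, paired with
# the set of security tests (named by vulnerability class) that actually
# fired on them. Hypothetical data, not real scan results.
TRAINING_PAGES = [
    ({"path:login", "param:user", "param:pass", "form:post"}, {"sqli", "brute_force"}),
    ({"path:admin", "path:login", "param:user", "param:pass", "form:post"}, {"sqli", "brute_force"}),
    ({"path:search", "param:q", "form:get"}, {"xss", "sqli"}),
    ({"path:search", "param:q", "param:page", "form:get"}, {"xss", "sqli"}),
    ({"path:product", "param:id", "form:get"}, {"idor", "sqli"}),
    ({"path:order", "param:id", "form:get"}, {"idor", "sqli"}),
    ({"path:comment", "param:body", "param:id", "form:post"}, {"xss", "csrf"}),
    ({"path:review", "param:body", "param:id", "form:post"}, {"xss", "csrf"}),
    # Singleton: nothing else in the corpus resembles it or shares its finding.
    ({"path:redirect", "param:url", "form:get"}, {"open_redirect"}),
]

# The full test catalogue. Prioritization only reorders it; every test
# still runs eventually, so nothing is lost if the prediction is wrong.
ALL_TESTS = sorted({t for _, tests in TRAINING_PAGES for t in tests})


def jaccard(a, b):
    """Set similarity in [0, 1]; two empty feature sets count as unrelated."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def prioritize(page_features, training, k=3):
    """Return ALL_TESTS ordered most-to-least likely to fire on this page.

    The k most similar already-scanned pages vote for the tests that fired
    on them, weighted by similarity. Ties break alphabetically so the order
    is deterministic; tests nobody voted for go last.
    """
    neighbours = sorted(training, key=lambda tp: jaccard(page_features, tp[0]), reverse=True)[:k]
    score = defaultdict(float)
    for feats, tests in neighbours:
        sim = jaccard(page_features, feats)
        for t in tests:
            score[t] += sim
    return sorted(ALL_TESTS, key=lambda t: (-score[t], t))


def worst_rank(ranked, actual):
    """1-based position of the last true vulnerability in the predicted
    order, i.e. how many tests must run before every real finding is reached."""
    return max(ranked.index(t) + 1 for t in actual)


def top_n_hit_rate(training, n, k=3):
    """Leave-one-out evaluation: fraction of pages whose actual
    vulnerabilities all appear within the first n predicted tests."""
    hits = 0
    for i, (feats, actual) in enumerate(training):
        others = training[:i] + training[i + 1:]
        if worst_rank(prioritize(feats, others, k), actual) <= n:
            hits += 1
    return hits / len(training)


if __name__ == "__main__":
    new_page = {"path:login", "param:user", "param:pass", "param:remember", "form:post"}
    print("predicted order for a new login page:", prioritize(new_page, TRAINING_PAGES))
    for n in (2, 3, 6):
        print(f"top-{n} hit rate (leave-one-out): {top_n_hit_rate(TRAINING_PAGES, n):.3f}")
```

On this corpus the eight pages that belong to a family are fully covered by their first two predicted tests, while the singleton's open-redirect test is ranked last (position 6 of 6) because no neighbour ever exhibited it. That is the practical caveat behind the abstract's numbers: prioritization shortens time-to-first-finding for vulnerabilities that recur across similar pages, but a scanner must still run the whole catalogue to catch the ones that do not.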
Item Type: Papers in Conference Proceedings
Uncontrolled Keywords: automated testing; test prioritization; vulnerability analysis; vulnerability prioritization
Subjects: Q Science > Q Science (General)
Divisions: Faculty of Engineering and Natural Sciences > Academic programs > Computer Science & Eng.
Faculty of Engineering and Natural Sciences
Depositing User: Cemal Yılmaz
Date Deposited: 26 Aug 2021 17:45
Last Modified: 08 Aug 2023 14:27
URI: https://research.sabanciuniv.edu/id/eprint/42042
