Towards prioritizing vulnerability testing

Warning The system is temporarily closed to updates for reporting purpose.

Alptekin, Halit and Demir, Simge and Şimşek, Şevval and Yılmaz, Cemal (2020) Towards prioritizing vulnerability testing. In: International Conference on Software Quality, Reliability and Security, Macau, China

This is the latest version of this item.

[thumbnail of Open Access] PDF (Open Access)

Download (156kB)


Vulnerability assessment is the process of identifying and prioritizing the vulnerabilities in a system. Vulnerability scanners can, for example, scan a website for known vulnerabilities by running a repository of security tests, each of which is designed to reveal a known vulnerability. As the security tests need to be executed on each and every web page encountered, it may take quite a while for these scanners to report vulnerabilities. In this work, we present an approach for revealing the vulnerabilities faster by prioritizing the executions of the security tests on a per web page basis. The approach is based on a simple conjecture that 'similar' web pages may possess 'similar' vulnerabilities and that identifying these similarities can help prioritize the security tests. The results of the experiments we carried out by using 2927 distinct web pages (collected from 80 web sites), support our basic hypothesis; the percentages of the times the actual vulnerabilities appear in the top 8 and 15 predicted vulnerabilities were 86.9% and 98.4%, respectively.
Item Type: Papers in Conference Proceedings
Uncontrolled Keywords: automated testing; test prioritization; vulnerability analysis; vulnerability prioritization
Subjects: Q Science > Q Science (General)
Divisions: Faculty of Engineering and Natural Sciences > Academic programs > Computer Science & Eng.
Faculty of Engineering and Natural Sciences
Depositing User: Cemal Yılmaz
Date Deposited: 26 Aug 2021 17:45
Last Modified: 26 Apr 2022 09:38

Available Versions of this Item

Actions (login required)

View Item
View Item