• shareshare
  • link
  • cite
  • add
auto_awesome_motion View all 2 versions
Publication . Article . 2020

Web resource security analysis based on CVSS metrics

Sh. R. Davlatov; P. V. Kuchinsky;
Open Access   Russian  
Published: 30 Sep 2020 Journal: Informatika, volume 17, issue 3, pages 72-77 (issn: 1816-0301, Copyright policy )
Publisher: The United Institute of Informatics Problems of the National Academy of Sciences of Belarus
Based on the analysis of vulnerability data for web resources and the CVSS metric, the distribution of the average CVSS (Common Vulnerability Scoring System standard for calculating a numerical vulnerability score on a ten-point scale) score for the websites of theRepublicofBelaruswas studied. The hypothesis on the distribution of the CVSS vulnerability assessment according to Poisson's law was tested by chi-square criteria. It was found that about 10% of web resources from the original general of samples of 19000 size have a critical averaged assessment level of vulnerability. As part of this work an universal system for collecting technical information about active web resources on the Internet from public directories and registries has been developed. Specific search templates have been developed using RegExp JavaScript expressions to detect the versions of technologies that were used to create websites. Based on this data the percentage distribution of used technologies, top-level domains and the geographical location of the servers were calculated. Proposed system can be adapted to any unique conditions required by information security specialists to conduct a security audit of web resources.
Subjects by Vocabulary

Microsoft Academic Graph classification: Vulnerability assessment CVSS JavaScript computer.programming_language computer Web server computer.software_genre Computer science Server Database Vulnerability (computing) The Internet business.industry business Information security


information security, security assessment, website, web server, cvss metric, programming language javascript, Electronic computers. Computer science, QA75.5-76.95