Heumann, Thomas ; Türpe, Sven ; Keller, Jörg
Hrsg.: Freiling, Felix (2010)
Quantifying the Attack Surface of a Web Application.
Bonn
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The attack surface of a system represents the exposure of application objects to attackers and is affected primarily by architecture and design decisions. Given otherwise consistent conditions, reducing the attack surface of a system or an application is expected to reduce its overall vulnerability. So far, only systems have been considered but not single applications. As web applications provide a large set of applications built upon a common set of concepts and technologies, we choose them as an example, and provide qualitative and quantitative indicators. We propose a multi-dimensional metric for the attack surface of web applications, and discuss the rationale behind. Our metric is easy to use. It comprises both a scalar numeric indicator for easy comparison and a more detailed vector representation for deeper analysis. The metric can be used to guide security testing and development. We validate the applicability and suitability of the metric with popular web applications, of which knowledge about their vulnerability already exists.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2010 |
| Herausgeber: | Freiling, Felix |
| Autor(en): | Heumann, Thomas ; Türpe, Sven ; Keller, Jörg |
| Art des Eintrags: | Bibliographie |
| Titel: | Quantifying the Attack Surface of a Web Application |
| Sprache: | Englisch |
| Publikationsjahr: | 2010 |
| Verlag: | Bonner Köllen Verlag |
| Buchtitel: | Sicherheit 2010: Sicherheit, Schutz und Zuverlässigkeit. |
| Reihe: | Lecture Notes in Informatics (LNI) |
| Band einer Reihe: | P-170 |
| Veranstaltungsort: | Bonn |
| Kurzbeschreibung (Abstract): | The attack surface of a system represents the exposure of application objects to attackers and is affected primarily by architecture and design decisions. Given otherwise consistent conditions, reducing the attack surface of a system or an application is expected to reduce its overall vulnerability. So far, only systems have been considered but not single applications. As web applications provide a large set of applications built upon a common set of concepts and technologies, we choose them as an example, and provide qualitative and quantitative indicators. We propose a multi-dimensional metric for the attack surface of web applications, and discuss the rationale behind. Our metric is easy to use. It comprises both a scalar numeric indicator for easy comparison and a more detailed vector representation for deeper analysis. The metric can be used to guide security testing and development. We validate the applicability and suitability of the metric with popular web applications, of which knowledge about their vulnerability already exists. |
| Freie Schlagworte: | Secure Services;Web Application; Attack Surface; Black Box; Vulnerability; Measurement; Security Metrics, Attack Surface Metric |
| ID-Nummer: | TUD-CS-2010-1880 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt LOEWE > LOEWE-Zentren LOEWE |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 17 Mai 2018 13:02 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum