Quantitative Evaluation of Related Web-Based Vulnerabilities
2010
Current web application scanner reports contribute little to diagnosis and remediation when dealing with vulnerabilities that are related or vulnerability variants. We propose a quantitative framework that combines degree of confidence reports pre-computed from various scanners. The output is evaluated and mapped based on derived metrics to appropriate remediation for the detected vulnerabilities and vulnerability variants. The objective is to provide a trusted level of diagnosis and remediation that is appropriate. Examples based on commercial scanners and existing vulnerabilities and variants are used to demonstrate the framework’s capability.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
16
References
0
Citations
NaN
KQI