
Vulnerability Analysis and Threat Mitigation for Secure Web Application Development

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2012, 17(2), pp.127-137
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science

Jaechan Moon 1, SEONG JE CHO 1

1 Dankook University

Accredited

ABSTRACT

Recently, as the modern Internet makes wide use of mashups, Web 3.0, and JavaScript/AJAX, the rate at which new vulnerabilities are discovered has been increasing rapidly, which can in turn introduce serious security threats. To mitigate these web application vulnerabilities and security threats efficiently, vulnerabilities need to be ranked by severity, and the severe ones need to be considered during a specific phase of the software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of the OWASP Top 10 vulnerabilities is reasonable by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on the OWASP Top-10 2010 list and the CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of the SDLC is associated with each vulnerability entry. Using this approach, web application vulnerabilities and security threats can be prevented or mitigated efficiently.
