Abstract
This paper presents an analysis of the results obtained with an efficient and powerful tool developed to recognize the exploitable vulnerabilities of websites on the internet that are implemented with a web-content management system (WCMS). The key feature of this ethical tool is a dynamic, automated, and fast vulnerability scan of WCMS sites and their attached plug-ins on the live internet, while obeying ethical requests. The collected scan results are impressive, and the presented analysis of these results provides an insight into the internet web system’s health and the factors that influence the vulnerability levels of websites.
Supported by organization J. Stefan Institute.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Cigoj, P., Stepančič, Ž., Blažič, B.J. (2020). A Large-Scale Security Analysis of Web Vulnerability: Findings, Challenges and Remedies. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2020. ICCSA 2020. Lecture Notes in Computer Science, vol 12253. Springer, Cham. https://doi.org/10.1007/978-3-030-58814-4_64
DOI: https://doi.org/10.1007/978-3-030-58814-4_64
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58813-7
Online ISBN: 978-3-030-58814-4
eBook Packages: Computer Science (R0)