
A Large-Scale Security Analysis of Web Vulnerability: Findings, Challenges and Remedies

  • Conference paper
Computational Science and Its Applications – ICCSA 2020 (ICCSA 2020)

Abstract

This paper presents an analysis of the results obtained with an efficient and powerful tool developed to recognize the exploitable vulnerabilities of websites on the internet implemented with a web-content management system (WCMS). The key feature of this ethical tool is a dynamic, automated, and fast vulnerability scan of WCMS sites and the attached plug-ins for the live internet by obeying ethical requests. The collected scan results are impressive, and the presented analysis of these results provides an insight into the internet web system’s health and the factors that influence the vulnerability levels of websites.

Supported by organization J. Stefan Institute.



Corresponding author

Correspondence to Primož Cigoj.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Cigoj, P., Stepančič, Ž., Blažič, B.J. (2020). A Large-Scale Security Analysis of Web Vulnerability: Findings, Challenges and Remedies. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2020. ICCSA 2020. Lecture Notes in Computer Science, vol 12253. Springer, Cham. https://doi.org/10.1007/978-3-030-58814-4_64

  • DOI: https://doi.org/10.1007/978-3-030-58814-4_64

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58813-7

  • Online ISBN: 978-3-030-58814-4

  • eBook Packages: Computer Science, Computer Science (R0)
