Skip to main content
SpringerLink
Log in

Cybersecurity Vulnerabilities Assessment (A Systematic Review Approach)

  • Conference paper
  • First Online:
Information Technology - New Generations

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 738))

Abstract

For analysis information technology and computer system vulnerabilities, this paper benefits from “systematic review analysis: 2000–2015” with two-time searches: One established using suitable keywords, the second performed inside references used by selected papers.

A detailed approach for analysis vulnerabilities of an organization includes physical and infrastructure of an organization, software, networks, policies, and information system vulnerabilities.

Our findings highlight the following to be the most important vulnerabilities of networks: buffer overruns, operating environment, resource exhaustion, race conditions, standardization of canonical form, and violation of trust, injection attacks, cross-site scripting, non-secure cryptography storage and failure to restrict URL access.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Elsevier: SCOPUS Database, www.scopus.com

  2. P. Baybutt, Cyber security vulnerability analysis: an asset-based approach. Process. Saf. Prog. 22, 220–228 (2003)

    Article  Google Scholar 

  3. I. Linkov, D.A. Eisenberg, K. Plourde, T.P. Seager, J. Allen, A. Kott, Resilience metrics for cyber systems. Environ. Syst. Decis. 33, 471–476 (2013)

    Article  Google Scholar 

  4. H. Bidgoli, The Internet Encyclopedia (Wiley, Hoboken, NJ, 2004)

    Book  Google Scholar 

  5. C.A. Sennewald, J.H. Christman, Retail Crime, Security, and Loss Prevention: An Encyclopedic Reference (Butterworth-Heinemann, Burlington, MA, 2011)

    Google Scholar 

  6. E.E. Schultz, A framework for understanding and predicting insider attacks. Comput. Secur. 21, 526–531 (2002)

    Article  Google Scholar 

  7. H. Umberger, A. Gheorghe, Cyber security: threat identification, risk and vulnerability assessment, in NATO Science for Peace and Security Series C: Environmental Security, vol. 109, (2011), pp. 247–269

    Google Scholar 

  8. K. Stouffer, J. Falco, K. Scarfone, Guide to Industrial Control Systems (ICS) Security (NIST special publication, 2011), pp. 800–882

    Google Scholar 

  9. C. Wilson, Cyber threats to critical information infrastructure, in Cyberterrorism: Understanding, Assessment, and Response (2014), pp. 123–136

    Google Scholar 

  10. J. Viega, G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way (Pearson Education, Upper Saddle River, NJ, 2001)

    Google Scholar 

  11. P. Meunier, Resource exhaustion. in Secure Programming Educational Material (2004)

    Google Scholar 

  12. J. Viega, G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way (paperback) (Addison-Wesley Professional Computing Series, Addison-Wesley Professional, 2011)

    Google Scholar 

  13. M. Howard, D. LeBlanc, Writing Secure Code (Pearson Education, Upper Saddle River, NJ, 2003)

    Google Scholar 

  14. S.T. Redwine Jr., Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire and Sustain Secure Software, version 1.1 (US Department of Homeland Security, Washington, DC, 2006)

    Google Scholar 

  15. M. Bishop, S. Engle, The software assurance CBK and university curricula, in Proceedings of the 10th Colloquium for Information Systems Security Education (2006)

    Google Scholar 

  16. H. Zare, M. Azadi, P. Olsen, Techniques for detecting and preventing denial of service attacks (a systematic review approach), in Information Technology-New Generations (Springer, 2018), pp. 151–157

    Google Scholar 

  17. P. Engebretson, The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Elsevier, 2013)

    Google Scholar 

  18. P. Watson, Slipping in the Window: TCP reset attacks. Presentation at (2004)

    Google Scholar 

  19. PCI-DSS, PCI Data Security Standard. Information Supplement: Best Practices for Implementing a Security Awareness Program (October 2014), https://www.pcisecuritystandards.org/documents/ PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awa reness_Program.pdf

  20. T.D. Graham, J.C. Hudson, Dynamic File Access Control and Management (Google Patents, 2010)

    Google Scholar 

  21. NAS, National Academy of Sciences, Disaster resilience: a national imperative. Washington, DC (2012), http://www.nap.edu/catalog.php?record_id=13457

  22. A. Amantini, M. Choraś, S. D’Antonio, E. Egozcue, D. Germanus, R. Hutter, The human role in tools for improving robustness and resilience of critical infrastructures. Cogn. Tech. Work 14, 143–155 (2012)

    Article  Google Scholar 

  23. G. Notoatmodjo, Exploring the ‘Weakest Link’: A Study of Personal Password Security (Citeseer, 2007)

    Google Scholar 

  24. K. Scarfone, M. Souppaya, Guide to Enterprise Password Management (Draft): Recommendations of the National Institute of Standards and Technology (US Dept of Commerce, Technology Administration, National Institute of Standards and Technology, Gaithersburg, MD, 2009)

    Google Scholar 

  25. WASC, Threat Classification, WASC-23: XML Injection (2015), http://projects.webappsec.org/w/page/13247004/XML%20Injection

  26. WASC Threat Classification: WASC-31: OS Commanding (2015), http://projects.webappsec.org/w/page/13246950/OS%20Commanding

  27. WASC Threat Classification. Category:OWASP Top Ten Project (2015), https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

  28. J.R. Vacca, S. Ellis, Firewalls: Jumpstart for Network and Systems Administrators (Elsevier, Burlington, MA, 2004)

    Google Scholar 

  29. E. Bompard, R. Napoli, F. Xue, Vulnerability of interconnected power systems to malicious attacks under limited information. Eur. T. Electr. Power 18, 820–834 (2008)

    Article  Google Scholar 

  30. J. Hall, Multi-Layer Network Monitoring and Analysis (University of Cambridge, Cambridge, 2003)

    Google Scholar 

  31. E.G. Amoroso, Cyber attacks: awareness. Netw. Secur. 2011, 10–16 (2011)

    Article  Google Scholar 

  32. M. Krotofil, A. Cárdenas, J. Larsen, D. Gollmann, Vulnerabilities of cyber-physical systems to stale data-Determining the optimal time to launch attacks. Int. J.Crit. Infrastruct. Prot. 7, 213–232 (2014)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Maryland University College, Upper Marlboro, MD, USA

    Hossein Zare, Mohammad Jalal Zare & Mojgan Azadi

  2. The Johns Hopkins Center for Disparities Solution, Department of Health Policy and Management, Johns Hopkins Bloomberg School of Public Health, Baltimore, MD, USA

    Hossein Zare, Mohammad Jalal Zare & Mojgan Azadi

Authors
  1. Hossein Zare
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammad Jalal Zare
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mojgan Azadi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hossein Zare .

Editor information

Editors and Affiliations

  1. Department of Electrical & Computer Engineering, University of Nevada, Las Vegas, Las Vegas, Nevada, USA

    Shahram Latifi

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zare, H., Zare, M.J., Azadi, M. (2018). Cybersecurity Vulnerabilities Assessment (A Systematic Review Approach). In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 738. Springer, Cham. https://doi.org/10.1007/978-3-319-77028-4_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-77028-4_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-77027-7

  • Online ISBN: 978-3-319-77028-4

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation