For web-based applications, a security analysis was conducted in order to identify software vulnerabilities and develop a new security assessment model. During this analysis, the major security vulnerabilities observed in the open web proxy honeypot during the data collection period from February to March 2005 were Code Red and Nimda computer worm attacks, AWSTAT attacks, unauthorized access requests (HTTP error code 403), MS-SQL version overflow attacks, etc. To develop the security assessment model, we extended the generic security model for a single-component system to multiple components using the multidimensional Markov process model. The resulting model was applied to the most popular software systems. The software system availability in security is computed using real data, and the mean time to security failure is calculated. This paper not only provides the software vulnerability analysis of the web-based applications, but also details the software security assessment for multiple-component systems.