New Attack Potential Measurement Method to Kaizen Event for Web Application Security Vulnerabilities
Authors: Kuo-Sui Lin
Journal: International Journal of Electronic Commerce Studies
Publication date: 2019-12-01
Publication type: Journal Article
DOI: 10.7903/ijecs.1536 (https://doi.org/10.7903/ijecs.1536)
JCR: Q3 (Computer Science)
Citations: 1
Abstract
With recognition of the importance of web application security, there is a need for research on an action program for the measurement and improvement of web application security. Therefore, the main purpose of this study was to formulate a Kaizen program suitable for the measurement and improvement of web application security vulnerabilities. An improvement working procedure is introduced to implement the Kaizen program. Further, an augmented attack potential measurement method is proposed to measure the effectiveness of the formulated Kaizen program. The proposed new attack potential measurement method is considered to be an umbrella under which several novel techniques and methods are included, such as OWASP's web application security vulnerabilities assessment method, the ISO/IEC 18045 attack potential ratings method and the fuzzy evaluation method. The numerical results of an example are presented to show that the augmented attack potential measurement method is not only comparable but also distinguishable. It is more reasonable and effective than the traditional method for measuring web application security improvement. Finally, conclusions are made and suggestions for future work are proposed.

To cite this document: Kuo-Sui Lin, "New Attack Potential Measurement Method to Kaizen Event for Web Application Security Vulnerabilities", International Journal of Electronic Commerce Studies, Vol.10, No.2, pp.89-112, 2019.

Permanent link to this document: http://dx.doi.org/10.7903/ijecs.1536
About the journal:
The IJECS is a double-blind refereed academic journal for all fields of Electronic Commerce. To serve as an international platform, the IJECS encourages manuscript submissions from authors all around the world. As a multi-discipline journal, the IJECS welcomes both technology-oriented and business-oriented electronic commerce research articles. The purpose of the International Journal of Electronic Commerce Studies is to promote electronic commerce research and provide worldwide scholars a place to publish their innovative work in electronic commerce. To be published in the journal, a manuscript must make strong empirical, theoretical, or practical contributions and highlight the significance of the contributions to the electronic commerce field. Thus, preference is given to submissions that test, extend, or build strong theoretical frameworks for electronic commerce theory, electronic commerce system development, and electronic commerce practice. The journal is not tied to any particular national context; authors publishing in the journal come from countries around the world. Articles introducing cases of innovative applications in electronic commerce around the world are also published in the journal. The journal provides scholars opportunities to learn about electronic commerce research and development around the world. Articles in the International Journal of Electronic Commerce Studies will include, but are not limited to, the following areas.