{"title":"OpenVAS漏洞扫描器的可用性初探","authors":"M. U. Aksu, Enes ALTUNCU, K. Bicakci","doi":"10.14722/usec.2019.23026","DOIUrl":null,"url":null,"abstract":"Vulnerability scanning is a fundamental step for assuring system security. It is also an integral component of IT system risk assessment to manage the identified vulnerabilities in a timely and prioritized way. It is critical that the tools for vulnerability scanning are usable so that cybersecurity practitioners get the most out of them. In this work, we evaluate the usability of a commonly used open source vulnerability scanning tool − OpenVAS 9.0. For this purpose, we carry out expertbased and user-based testings. Expert-based testing is carried out by employing the heuristic analysis and cognitive walkthrough approaches. User-based testing is performed by selecting 10 cybersecurity experts as participants. As a result, we identify pitfalls that lead to insecurity or false sense of security and suggest improvements to overcome them. We also discuss the effectiveness of the methodologies employed for usability testing. Lastly, a set of heuristics compiled from the existing work and adapted to our case is provided to be reused in similar studies.","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"A First Look at the Usability of OpenVAS Vulnerability Scanner\",\"authors\":\"M. U. Aksu, Enes ALTUNCU, K. Bicakci\",\"doi\":\"10.14722/usec.2019.23026\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Vulnerability scanning is a fundamental step for assuring system security. It is also an integral component of IT system risk assessment to manage the identified vulnerabilities in a timely and prioritized way. It is critical that the tools for vulnerability scanning are usable so that cybersecurity practitioners get the most out of them. In this work, we evaluate the usability of a commonly used open source vulnerability scanning tool − OpenVAS 9.0. For this purpose, we carry out expertbased and user-based testings. Expert-based testing is carried out by employing the heuristic analysis and cognitive walkthrough approaches. User-based testing is performed by selecting 10 cybersecurity experts as participants. As a result, we identify pitfalls that lead to insecurity or false sense of security and suggest improvements to overcome them. We also discuss the effectiveness of the methodologies employed for usability testing. Lastly, a set of heuristics compiled from the existing work and adapted to our case is provided to be reused in similar studies.\",\"PeriodicalId\":215851,\"journal\":{\"name\":\"Proceedings 2019 Workshop on Usable Security\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 2019 Workshop on Usable Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.14722/usec.2019.23026\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2019 Workshop on Usable Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/usec.2019.23026","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A First Look at the Usability of OpenVAS Vulnerability Scanner
Vulnerability scanning is a fundamental step for assuring system security. It is also an integral component of IT system risk assessment to manage the identified vulnerabilities in a timely and prioritized way. It is critical that the tools for vulnerability scanning are usable so that cybersecurity practitioners get the most out of them. In this work, we evaluate the usability of a commonly used open source vulnerability scanning tool − OpenVAS 9.0. For this purpose, we carry out expertbased and user-based testings. Expert-based testing is carried out by employing the heuristic analysis and cognitive walkthrough approaches. User-based testing is performed by selecting 10 cybersecurity experts as participants. As a result, we identify pitfalls that lead to insecurity or false sense of security and suggest improvements to overcome them. We also discuss the effectiveness of the methodologies employed for usability testing. Lastly, a set of heuristics compiled from the existing work and adapted to our case is provided to be reused in similar studies.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
