Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DASC
2006
IEEE
2006
IEEE
Assessing Vulnerabilities in Apache and IIS HTTP Servers
We examine the feasibility of quantitatively characterizing the vulnerabilities in the two major HTTP servers. In particular, we investigate the applicability of quantitative empirical models to the vulnerabilities discovery process for these servers. Such models can allow us to predict the number of vulnerabilities that may potentially be present in a server but may not yet have been found. The data on vulnerabilities found in the two servers is mined and analyzed. We explore the applicability of a time-based and an effort-based vulnerability discovery model. The effort-based model requires data of the current market-share of a server. Both models have been successfully used for vulnerabilities in the major operating systems. Our results show that both vulnerabilities discovery models fit the data for the HTTP servers well. We also examine a separate classification schemes for server vulnerabilities that based on the source of error, and then explore the applicability of the quantita...
Real-time TrafficApplied Computing | DASC 2006 | HTTP Servers | Vulnerabilities | Vulnerabilities Discovery Process |
Related Content
| Added | 10 Jun 2010 |
| Updated | 10 Jun 2010 |
| Type | Conference |
| Year | 2006 |
| Where | DASC |
| Authors | Sung-Whan Woo, Omar H. Alhazmi, Yashwant K. Malaiya |
Comments (0)
Researcher Info
|
