Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SICHERHEIT
2010
2010
Quantifying the Attack Surface of a Web Application
Abstract: The attack surface of a system represents the exposure of application objects to attackers and is affected primarily by architecture and design decisions. Given otherwise consistent conditions, reducing the attack surface of a system or an application is expected to reduce its overall vulnerability. So far, only systems have been considered but not single applications. As web applications provide a large set of applications built upon a common set of concepts and technologies, we choose them as an example, and provide qualitative and quantitative indicators. We propose a multidimensional metric for the attack surface of web applications, and discuss the rationale behind. Our metric is easy to use. It comprises both a scalar numeric indicator for easy comparison and a more detailed vector representation for deeper analysis. The metric can be used to guide security testing and development. We validate the applicability and suitability of the metric with popular web applications...
Real-time Traffic| Added | 15 Feb 2011 |
| Updated | 15 Feb 2011 |
| Type | Journal |
| Year | 2010 |
| Where | SICHERHEIT |
| Authors | Thomas Heumann, Sven Türpe, Jörg Keller |
Comments (0)
Researcher Info
|
