Sciweavers

DASC
2006
IEEE

Assessing Vulnerabilities in Apache and IIS HTTP Servers

14 years 4 months ago
Assessing Vulnerabilities in Apache and IIS HTTP Servers
We examine the feasibility of quantitatively characterizing the vulnerabilities in the two major HTTP servers. In particular, we investigate the applicability of quantitative empirical models to the vulnerabilities discovery process for these servers. Such models can allow us to predict the number of vulnerabilities that may potentially be present in a server but may not yet have been found. The data on vulnerabilities found in the two servers is mined and analyzed. We explore the applicability of a time-based and an effort-based vulnerability discovery model. The effort-based model requires data of the current market-share of a server. Both models have been successfully used for vulnerabilities in the major operating systems. Our results show that both vulnerabilities discovery models fit the data for the HTTP servers well. We also examine a separate classification schemes for server vulnerabilities that based on the source of error, and then explore the applicability of the quantita...
Sung-Whan Woo, Omar H. Alhazmi, Yashwant K. Malaiy
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Where DASC
Authors Sung-Whan Woo, Omar H. Alhazmi, Yashwant K. Malaiya
Comments (0)