Web Vulnerability Assessment

Outsource dilemmas

Arniyati Ahmad, Siti Rohaidah Ahmad, Nor Fatimah Awang, Zulkarnain Md. Ali

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Vulnerability Assessment (VAS) is the process of searching a system for potential loopholes that could lead to its compromise. It is important to perform VAS on a system to make sure that it can be released safely and does not offer any illegitimate access that could affect the availability, confidentiality and integrity of the system [1][12]. VAS can be outsourced to a third party or done in-house (do it yourself, DIY), depending on the budget and time allocated. The choice can also depend on the confidentiality of the project, which might prevent you from opening it to a third-party assessment. When choosing DIY, another thing to consider is carrying out the VAS according to standards and common practices, to make sure that the system can pass the security requirements needed. Even though many standards, testing guidelines and common practices for VAS are available on the net, selecting the best and most suitable VAS approach costs a lot of time and effort. This paper shares some experiences in setting up criteria for outsourcing the task. It also shares a way to simplify the standard practice from the Open Web Application Security Project (OWASP) and turn it into a simple yet thorough assessment process. The assessment was done in a clone environment to protect the real system from any disruption and conflict.

Original language: English
Title of host publication: Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011
DOI: https://doi.org/10.1109/ICEEI.2011.6021795
Publication status: Published - 2011
Event: 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011 - Bandung
Duration: 17 Jul 2011 to 19 Jul 2011

Other

Other: 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011
City: Bandung
Period: 17/7/11 to 19/7/11

Fingerprint

Outsourcing
Availability
Testing

Keywords

  • compromise system
  • system vulnerability
  • vulnerability assessment
  • web application security

ASJC Scopus subject areas

  • Information Systems
  • Electrical and Electronic Engineering

Cite this

Ahmad, A., Ahmad, S. R., Awang, N. F., & Md. Ali, Z. (2011). Web Vulnerability Assessment: Outsource dilemmas. In Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011 [6021795] https://doi.org/10.1109/ICEEI.2011.6021795

@inproceedings{1836b660887c44d7acf7b1f4f808bf63,
title = "Web Vulnerability Assessment: Outsource dilemmas",
keywords = "compromise system, system vulnerability, vulnerability assessment, web application security",
author = "Arniyati Ahmad and Ahmad, {Siti Rohaidah} and Awang, {Nor Fatimah} and {Md. Ali}, Zulkarnain",
year = "2011",
doi = "10.1109/ICEEI.2011.6021795",
language = "English",
isbn = "9781457707520",
booktitle = "Proceedings of the 2011 International Conference on Electrical Engineering and Informatics, ICEEI 2011",

}
