An Expert System for Rating Vulnerabilities
Main Author: | |
---|---|
Format: | Final Year Project |
Language: | English |
Published: | Universiti Teknologi Petronas 2013 |
Online Access: | http://utpedia.utp.edu.my/13520/1/%5BFYP2%5D%20JongQianjun_15112.pdf http://utpedia.utp.edu.my/13520/ |
Summary: | Over the past few years, there has been a worrying increase in the number of web application intrusions. Based on reports released by reliable sources, these incidents are due to a lack of experts able to perform accurate risk assessment to mitigate risk during web security testing. Risk assessment is the core process in providing appropriate recommendations when dealing with vulnerabilities discovered in a web application. This research paper therefore highlights the problem of insufficient experts to guide less experienced information security analysts in conducting effective risk assessment. The objective of this research is to design an expert system to aid less experienced system analysts in conducting accurate risk assessment in the absence of experts. The expert system will cover the risk rating of all vulnerabilities included in the OWASP Top 10 2013, and its only target users are less experienced information system analysts. The methodology used in the research is based on the expert system development life cycle model. The main activity conducted is the construction of the knowledge base of the proposed expert system. Based on knowledge and information collected from the internet and from interviews with experts, the knowledge developer will construct a decision tree that aids the development of the expert system in a later phase of the research. |
---|