An Expert System for Rating Vulnerabilities
Over the past few years, there has been a worrying increase in the number of web application intrusions. Based on reports released by reliable sources, these incidents are due to a lack of experts able to perform accurate risk assessment to mitigate the risk while performing web security te...
Main Author: | Qianjun, Jong |
---|---|
Format: | Final Year Project |
Language: | English |
Published: | Universiti Teknologi Petronas 2013 |
Online Access: | http://utpedia.utp.edu.my/13520/1/%5BFYP2%5D%20JongQianjun_15112.pdf http://utpedia.utp.edu.my/13520/ |
id |
my-utp-utpedia.13520 |
---|---|
record_format |
eprints |
spelling |
my-utp-utpedia.13520 2017-01-25T09:38:42Z http://utpedia.utp.edu.my/13520/ An Expert System for Rating Vulnerabilities Qianjun, Jong Universiti Teknologi Petronas 2013-09 Final Year Project NonPeerReviewed application/pdf en http://utpedia.utp.edu.my/13520/1/%5BFYP2%5D%20JongQianjun_15112.pdf Qianjun, Jong (2013) An Expert System for Rating Vulnerabilities. Universiti Teknologi Petronas. |
institution |
Universiti Teknologi Petronas |
building |
UTP Resource Centre |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Teknologi Petronas |
content_source |
UTP Electronic and Digitized Intellectual Asset |
url_provider |
http://utpedia.utp.edu.my/ |
language |
English |
description |
Over the past few years, there has been a worrying increase in the number of web
application intrusions. Based on reports released by reliable sources, these incidents are
due to a lack of experts able to perform accurate risk assessment to mitigate the risk
while performing web security testing. Risk assessment is the core process in providing
appropriate recommendations when dealing with vulnerabilities discovered in a web
application. This research paper therefore highlights the problem of
insufficient experts to guide less experienced information security analysts in
conducting effective risk assessment. The objective of this research is to design an
expert system to aid less experienced system analysts in conducting accurate risk
assessment in the absence of experts. The expert system will cover the risk ratings of all
vulnerabilities included in the OWASP Top 10 2013, and the target users will only be
less experienced information system analysts. The methodology used in the research
is based on the expert system development life cycle model. The main activity
conducted is the construction of the knowledge base of the proposed expert system. Based
on the knowledge and information collected from the internet as well as from
interviewing experts, the knowledge developer will construct a decision tree which aids
in the development of the expert system in a later phase of the research. |
format |
Final Year Project |
author |
Qianjun, Jong |
title |
An Expert System for Rating Vulnerabilities |
publisher |
Universiti Teknologi Petronas |
publishDate |
2013 |
url |
http://utpedia.utp.edu.my/13520/1/%5BFYP2%5D%20JongQianjun_15112.pdf http://utpedia.utp.edu.my/13520/ |