Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method
The aim of this research is to propose a quantitative risk modeling method that reduces the guess work and uncertainty from the vulnerability and risk assessment activities of web based applications while providing users the flexibility to assess risk according to their risk appetite and tolerance w...
Main Author: | |
---|---|
Format: | Article |
Language: | English |
Published: |
Inforec Association
2017-01-01
|
Series: | Informatică economică |
Subjects: | |
Online Access: | http://revistaie.ase.ro/content/83/02%20-%20sechel.pdf |
_version_ | 1818270098418302976 |
---|---|
author | Sergiu SECHEL |
author_facet | Sergiu SECHEL |
author_sort | Sergiu SECHEL |
collection | DOAJ |
description | The aim of this research is to propose a quantitative risk modeling method that reduces the guess work and uncertainty from the vulnerability and risk assessment activities of web based applications while providing users the flexibility to assess risk according to their risk appetite and tolerance with a high degree of assurance. The research method is based on the research done by the OWASP Foundation on this subject but their risk rating methodology needed de-bugging and updates in different in key areas that are presented in this paper. The modified risk modeling method uses Monte Carlo simulations to model risk characteristics that can’t be determined without guess work and it was tested in vulnerability assessment activities on real production systems and in theory by assigning discrete uniform assumptions to all risk charac-teristics (risk attributes) and evaluate the results after 1.5 million rounds of Monte Carlo simu-lations. |
first_indexed | 2024-12-12T21:04:53Z |
format | Article |
id | doaj.art-760b05f63270447f9583f4bbf9dab1e5 |
institution | Directory Open Access Journal |
issn | 1453-1305 1842-8088 |
language | English |
last_indexed | 2024-12-12T21:04:53Z |
publishDate | 2017-01-01 |
publisher | Inforec Association |
record_format | Article |
series | Informatică economică |
spelling | doaj.art-760b05f63270447f9583f4bbf9dab1e52022-12-22T00:12:02ZengInforec AssociationInformatică economică1453-13051842-80882017-01-01213163010.12948/issn14531305/21.3.2017.02Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling MethodSergiu SECHELThe aim of this research is to propose a quantitative risk modeling method that reduces the guess work and uncertainty from the vulnerability and risk assessment activities of web based applications while providing users the flexibility to assess risk according to their risk appetite and tolerance with a high degree of assurance. The research method is based on the research done by the OWASP Foundation on this subject but their risk rating methodology needed de-bugging and updates in different in key areas that are presented in this paper. The modified risk modeling method uses Monte Carlo simulations to model risk characteristics that can’t be determined without guess work and it was tested in vulnerability assessment activities on real production systems and in theory by assigning discrete uniform assumptions to all risk charac-teristics (risk attributes) and evaluate the results after 1.5 million rounds of Monte Carlo simu-lations.http://revistaie.ase.ro/content/83/02%20-%20sechel.pdfVulnerabilitiesQuantitative RiskWeb ApplicationsMonte CarloStochastic SystemsCybersecurity |
spellingShingle | Sergiu SECHEL Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method Informatică economică Vulnerabilities Quantitative Risk Web Applications Monte Carlo Stochastic Systems Cybersecurity |
title | Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method |
title_full | Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method |
title_fullStr | Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method |
title_full_unstemmed | Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method |
title_short | Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method |
title_sort | web applications vulnerability management using a quantitative stochastic risk modeling method |
topic | Vulnerabilities Quantitative Risk Web Applications Monte Carlo Stochastic Systems Cybersecurity |
url | http://revistaie.ase.ro/content/83/02%20-%20sechel.pdf |
work_keys_str_mv | AT sergiusechel webapplicationsvulnerabilitymanagementusingaquantitativestochasticriskmodelingmethod |