Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method

The aim of this research is to propose a quantitative risk modeling method that reduces the guess work and uncertainty from the vulnerability and risk assessment activities of web based applications while providing users the flexibility to assess risk according to their risk appetite and tolerance w...

Full description

Bibliographic Details
Main Author: Sergiu SECHEL
Format: Article
Language:English
Published: Inforec Association 2017-01-01
Series:Informatică economică
Subjects:
Online Access:http://revistaie.ase.ro/content/83/02%20-%20sechel.pdf
_version_ 1818270098418302976
author Sergiu SECHEL
author_facet Sergiu SECHEL
author_sort Sergiu SECHEL
collection DOAJ
description The aim of this research is to propose a quantitative risk modeling method that reduces the guess work and uncertainty from the vulnerability and risk assessment activities of web based applications while providing users the flexibility to assess risk according to their risk appetite and tolerance with a high degree of assurance. The research method is based on the research done by the OWASP Foundation on this subject but their risk rating methodology needed de-bugging and updates in different in key areas that are presented in this paper. The modified risk modeling method uses Monte Carlo simulations to model risk characteristics that can’t be determined without guess work and it was tested in vulnerability assessment activities on real production systems and in theory by assigning discrete uniform assumptions to all risk charac-teristics (risk attributes) and evaluate the results after 1.5 million rounds of Monte Carlo simu-lations.
first_indexed 2024-12-12T21:04:53Z
format Article
id doaj.art-760b05f63270447f9583f4bbf9dab1e5
institution Directory Open Access Journal
issn 1453-1305
1842-8088
language English
last_indexed 2024-12-12T21:04:53Z
publishDate 2017-01-01
publisher Inforec Association
record_format Article
series Informatică economică
spelling doaj.art-760b05f63270447f9583f4bbf9dab1e52022-12-22T00:12:02ZengInforec AssociationInformatică economică1453-13051842-80882017-01-01213163010.12948/issn14531305/21.3.2017.02Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling MethodSergiu SECHELThe aim of this research is to propose a quantitative risk modeling method that reduces the guess work and uncertainty from the vulnerability and risk assessment activities of web based applications while providing users the flexibility to assess risk according to their risk appetite and tolerance with a high degree of assurance. The research method is based on the research done by the OWASP Foundation on this subject but their risk rating methodology needed de-bugging and updates in different in key areas that are presented in this paper. The modified risk modeling method uses Monte Carlo simulations to model risk characteristics that can’t be determined without guess work and it was tested in vulnerability assessment activities on real production systems and in theory by assigning discrete uniform assumptions to all risk charac-teristics (risk attributes) and evaluate the results after 1.5 million rounds of Monte Carlo simu-lations.http://revistaie.ase.ro/content/83/02%20-%20sechel.pdfVulnerabilitiesQuantitative RiskWeb ApplicationsMonte CarloStochastic SystemsCybersecurity
spellingShingle Sergiu SECHEL
Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method
Informatică economică
Vulnerabilities
Quantitative Risk
Web Applications
Monte Carlo
Stochastic Systems
Cybersecurity
title Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method
title_full Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method
title_fullStr Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method
title_full_unstemmed Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method
title_short Web Applications Vulnerability Management using a Quantitative Stochastic Risk Modeling Method
title_sort web applications vulnerability management using a quantitative stochastic risk modeling method
topic Vulnerabilities
Quantitative Risk
Web Applications
Monte Carlo
Stochastic Systems
Cybersecurity
url http://revistaie.ase.ro/content/83/02%20-%20sechel.pdf
work_keys_str_mv AT sergiusechel webapplicationsvulnerabilitymanagementusingaquantitativestochasticriskmodelingmethod