TY - GEN
T1 - Vulnerability Data Assessment and Management Based on Passive Scanning Method and CVSS
AU - Santoso, Bagus Jati
AU - Ijtihadie, Royyana Muslim
AU - Aryawan, Gusti Ngurah Satria
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
AB - Vulnerability data assessment is the process of identifying, assessing, indexing, and prioritizing vulnerabilities in computer systems, applications, and network infrastructures. Automated testing tools such as Nessus, Acunetix, and Netsparker are commonly used in vulnerability assessment to provide information about identified vulnerabilities and their remediation methods. One of the types of vulnerability data assessment is application scans, which are utilized to test websites and identify common vulnerabilities. Passive scanning is a method used in vulnerability detection that leverages information obtained from transmitted data without direct interaction. It provides information such as the operating system in use, active ports, and installed applications. CVSS (Common Vulnerability Scoring System) is an assessment system that assigns numeric values reflecting the difficulty level of vulnerabilities. These numeric values are then converted into qualitative ratings such as low, medium, high, and critical, aiding in prioritizing remediation efforts. The system consists of metric groups that generate scores, including base score, temporal score, and environmental score. This work aims to utilize vulnerability assessment to assist developers in addressing identified vulnerabilities in developing or existing websites. Through experimentation, the system developed in this thesis demonstrates the capability to perform both on-demand and scheduled vulnerability assessments, providing comprehensive vulnerability reports upon completion of the process. The findings of this research contribute to enhancing the security of web applications by enabling efficient vulnerability management and prioritized remediation strategies.
KW - CVSS
KW - ICT infrastructure
KW - data engineering
KW - passive scanning
KW - security
KW - vulnerability data assessment
UR - http://www.scopus.com/inward/record.url?scp=85180362302&partnerID=8YFLogxK
U2 - 10.1109/ICTS58770.2023.10330884
DO - 10.1109/ICTS58770.2023.10330884
M3 - Conference contribution
AN - SCOPUS:85180362302
T3 - 2023 14th International Conference on Information and Communication Technology and System, ICTS 2023
SP - 325
EP - 330
BT - 2023 14th International Conference on Information and Communication Technology and System, ICTS 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 14th International Conference on Information and Communication Technology and System, ICTS 2023
Y2 - 4 October 2023 through 5 October 2023
ER -