Vulnerability Data Assessment and Management Based on Passive Scanning Method and CVSS

Bagus Jati Santoso*, Royyana Muslim Ijtihadie, Gusti Ngurah Satria Aryawan

*Corresponding author for this work

Abstract

Vulnerability data assessment is the process of identifying, assessing, indexing, and prioritizing vulnerabilities in computer systems, applications, and network infrastructures. Automated testing tools such as Nessus, Acunetix, and Netsparker are commonly used in vulnerability assessment to provide information about identified vulnerabilities and their remediation methods. One of the types of vulnerability data assessment is application scans, which are utilized to test websites and identify common vulnerabilities. Passive scanning is a method used in vulnerability detection that leverages information obtained from transmitted data without direct interaction. It provides information such as the operating system in use, active ports, and installed applications. CVSS (Common Vulnerability Scoring System) is an assessment system that assigns numeric values reflecting the difficulty level of vulnerabilities. These numeric values are then converted into qualitative ratings such as low, medium, high, and critical, aiding in prioritizing remediation efforts. The system consists of metric groups that generate scores, including base score, temporal score, and environmental score. This work aims to utilize vulnerability assessment to assist developers in addressing identified vulnerabilities in developing or existing websites. Through experimentation, the system developed in this thesis demonstrates the capability to perform both on-demand and scheduled vulnerability assessments, providing comprehensive vulnerability reports upon completion of the process. The findings of this research contribute to enhancing the security of web applications by enabling efficient vulnerability management and prioritized remediation strategies.

Original language: English
Title of host publication: 2023 14th International Conference on Information and Communication Technology and System, ICTS 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 325-330
Number of pages: 6
ISBN (Electronic): 9798350312164
Publication status: Published - 2023
Event: 14th International Conference on Information and Communication Technology and System, ICTS 2023 - Surabaya, Indonesia
Duration: 4 Oct 2023 to 5 Oct 2023

Publication series

Name: 2023 14th International Conference on Information and Communication Technology and System, ICTS 2023

Conference

Conference: 14th International Conference on Information and Communication Technology and System, ICTS 2023
Country/Territory: Indonesia
City: Surabaya
Period: 4/10/23 to 5/10/23
