
Holey-Moley - metrics of setting a baseline for web vulnerability scanners


Presentation Transcript


  1. Holey-Moley - metrics of setting a baseline for web vulnerability scanners
     Michael Glass, Huning (David) Dai
     Advisor: Herbert Hugh Thompson

  2. Problems with security scanners
     • How do they make their claims? Maintain a ranking of the most important vulnerabilities.
     • Do they actually do what they say they do? Create a framework for openly writing benchmarking website pages for the scanners to test with.

  3. Vulnerability Ranking System
     • A real-time vulnerability ranking using the standardized Common Weakness Enumeration (CWE) together with the always up-to-date U.S. government repository of vulnerabilities (NVD).
     • final_score = count_weight * count_score + cvss_weight * cvss_score
       Note: count_weight + cvss_weight = 1

  4. Applying the formula with count_weight = 0.5 and cvss_weight = 0.5 gives us:
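A worked instance of the slide's formula, added here as an example and not part of the presentation. The slide does not define count_score or cvss_score, so the normalisations used below (per-CWE NVD entry count scaled by the largest count, mean CVSS base score divided by 10) and the sample figures are assumptions; the weight check enforces the slide's count_weight + cvss_weight = 1 constraint.

```python
# Added example (not from the presentation): ranks CWE categories with the
# slide's formula final_score = count_weight*count_score + cvss_weight*cvss_score.
# Assumed normalisations (not stated on the slide):
#   count_score = NVD entries for this CWE / largest count over all CWEs
#   cvss_score  = mean CVSS base score of those entries / 10
from dataclasses import dataclass


@dataclass
class CweStats:
    cwe_id: str
    nvd_count: int          # number of NVD entries mapped to this CWE
    cvss_scores: list       # CVSS base scores (0-10) of those entries


def rank_cwes(stats, count_weight=0.5, cvss_weight=0.5):
    """Return (cwe_id, final_score) pairs, highest score first."""
    if abs(count_weight + cvss_weight - 1.0) > 1e-9:
        raise ValueError("count_weight + cvss_weight must equal 1")
    max_count = max((s.nvd_count for s in stats), default=0) or 1
    ranked = []
    for s in stats:
        count_score = s.nvd_count / max_count
        if s.cvss_scores:
            cvss_score = sum(s.cvss_scores) / len(s.cvss_scores) / 10.0
        else:
            cvss_score = 0.0
        final = count_weight * count_score + cvss_weight * cvss_score
        ranked.append((s.cwe_id, round(final, 3)))
    ranked.sort(key=lambda pair: pair[1], reverse=True)
    return ranked


# Constructed sample data: the counts and scores are illustrative, not NVD figures.
SAMPLE = [
    CweStats("CWE-79", 400, [4.3, 6.1, 5.4, 4.3]),   # XSS: many entries, moderate severity
    CweStats("CWE-89", 200, [9.8, 7.5, 9.8, 8.9]),   # SQL injection: fewer entries, severe
    CweStats("CWE-22", 100, [7.5, 5.3]),             # path traversal
]

if __name__ == "__main__":
    # With equal weights (as on slide 4) volume and severity count the same.
    for cwe, score in rank_cwes(SAMPLE):
        print(f"{cwe}: {score}")
```

Shifting the weights towards cvss_weight moves the severe-but-rarer CWE-89 ahead of CWE-79, which is the tunable the slide's weight pair provides.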

  5. The framework
     • Mimic "vulnerable" websites.
     • Create finite state machines of chosen vulnerabilities.
     • Record every transition the scanner takes when traversing states.
     • At the end of the test, we can analyze coverage and efficiency of the scanner by looking at which states were visited, in how much time, and over how many transitions.

  6. FSM example: SQL injection

  7. Demo
     • HP Scrawlr
     • Claims to detect most of the SQL injection vulnerabilities
     • Let's see how it performs…
