1 / 7

Sri Reddy IWS2 Bits1

Assessing Vulnerabilities in Apache and IIS HTTP Servers Sung-Whan Woo, Omar H. Alhazmi, Yashwant K. Malaiya. Sri Reddy IWS2 Bits1. Intro. Both of the 2 most popular HTTP servers on the market: Apache & IIS have major vulnerabilities This study probes the discovery rate of vulnerabilities

zea
Download Presentation

Sri Reddy IWS2 Bits1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Assessing Vulnerabilities in Apache and IIS HTTP Servers Sung-Whan Woo, Omar H. Alhazmi, Yashwant K. Malaiya Sri Reddy IWS2 Bits1

  2. Intro • Both of the 2 most popular HTTP servers on the market: Apache & IIS have major vulnerabilities • This study probes the discovery rate of vulnerabilities • Past studies highlighted specific problems like Denial of Service

  3. Models • Vulnerabilities Discovery Models • Time-based • Effort-based (number of installations) • MODELING VULNERABILTIES IN HTTP SERVERS • Apache • IIS

  4. Vulnerabilities Discovery Models • 2 models • time-based & effort-based • number of bugs reported might saturate after a certain amt of time (has for IIS) • Effort-based is based on the number of installations (and the effort to find server bugs)

  5. Market Share as a Factor in Effort-Based Model

  6. MODELING VULNERABILTIES IN HTTP SERVERS (time-based) • Apache • IIS

  7. Conclusions • Apache vulnerabilities growth rate appears to be positive due to growth in # of installations of Apache web server • IIS vulnerabilities growth rate appears to be have become low due to little growth in # of IIS installations (saturation of IIS)

More Related