Welcome to the InfoSci Platform
Reference Hub1
Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications

Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications

Hossain Shahriar, Hisham Haddad
Copyright: © 2016 |Volume: 7 |Issue: 2 |Pages: 18
ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466691957|DOI: 10.4018/IJSSE.2016040101
Cite Article Cite Article

MLA

Shahriar, Hossain, and Hisham Haddad. "Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications." IJSSE vol.7, no.2 2016: pp.1-18. http://doi.org/10.4018/IJSSE.2016040101

APA

Shahriar, H. & Haddad, H. (2016). Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications. International Journal of Secure Software Engineering (IJSSE), 7(2), 1-18. http://doi.org/10.4018/IJSSE.2016040101

Chicago

Shahriar, Hossain, and Hisham Haddad. "Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications," International Journal of Secure Software Engineering (IJSSE) 7, no.2: 1-18. http://doi.org/10.4018/IJSSE.2016040101

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

This paper addresses the problem of assessing risk in web application due to implementation level vulnerabilities. In particular, the authors address the common research challenge of finding enough historical data to compute the probability of vulnerabilities and exploitations. They develop a Fuzzy Logic based System (FLS)1 to compute the risk uniformly and to address the diversity of risks. The authors propose a set of crisp metrics that are used to define fuzzy sets. They also develop a set of rule-bases to assess the risk level. The proposed FLS can be a useful tool to aid application developers and industry practitioners to assess the risk and plan ahead for employing necessary mitigation approaches. The authors evaluate their proposed approach using three real-world web applications implemented in PHP, and apply it to four types of common vulnerabilities. The initial results indicate that the proposed FLS approach can effectively discover high risk applications.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.