Assessing Vulnerabilities in Apache and IIS HTTP Servers

Indiana University-Purdue University, Indianapolis, USA September 29-October 01

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DASC.2006.21

2nd IEEE International Symposium on D ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Sung-Whan Woo Articles by Omar H. Alhazmi Articles by Yashwant K. Malaiya

	ASCII Text	x
	Sung-Whan Woo, Omar H. Alhazmi, Yashwant K. Malaiya, "Assessing Vulnerabilities in Apache and IIS HTTP Servers," Dependable, Autonomic and Secure Computing, IEEE International Symposium on, pp. 103-110, 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC'06), 2006.

	BibTex	x
	@article{ 10.1109/DASC.2006.21, author = {Sung-Whan Woo and Omar H. Alhazmi and Yashwant K. Malaiya}, title = {Assessing Vulnerabilities in Apache and IIS HTTP Servers}, journal ={Dependable, Autonomic and Secure Computing, IEEE International Symposium on}, volume = {0}, year = {2006}, isbn = {0-7695-2539-3}, pages = {103-110}, doi = {http://doi.ieeecomputersociety.org/10.1109/DASC.2006.21}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable, Autonomic and Secure Computing, IEEE International Symposium on TI - Assessing Vulnerabilities in Apache and IIS HTTP Servers SN - 0-7695-2539-3 SP103 EP110 A1 - Sung-Whan Woo, A1 - Omar H. Alhazmi, A1 - Yashwant K. Malaiya, PY - 2006 KW - null VL - 0 JA - Dependable, Autonomic and Secure Computing, IEEE International Symposium on ER -

Sung-Whan Woo, Colorado State University, USA

Omar H. Alhazmi, Colorado State University, USA

Yashwant K. Malaiya, Colorado State University, USA

We examine the feasibility of quantitatively characterizing the vulnerabilities in the two major HTTP servers. In particular, we investigate the applicability of quantitative empirical models to the vulnerabilities discovery process for these servers. Such models can allow us to predict the number of vulnerabilities that may potentially be present in a server but may not yet have been found. The data on vulnerabilities found in the two servers is mined and analyzed. We explore the applicability of a time-based and an effort-based vulnerability discovery model. The effort-based model requires data of the current market-share of a server. Both models have been successfully used for vulnerabilities in the major operating systems. Our results show that both vulnerabilities discovery models fit the data for the HTTP servers well. We also examine a separate classification schemes for server vulnerabilities that based on the source of error, and then explore the applicability of the quantitative methods to individual classes.

Citation:

Sung-Whan Woo, Omar H. Alhazmi, Yashwant K. Malaiya, "Assessing Vulnerabilities in Apache and IIS HTTP Servers," dasc, pp.103-110, 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.