Predicting Vulnerabilities in Web Applications Based on Website Security Model

Abstract

Web sites and services are probably the most used digital channels today, from ordinary web-sites to cloud services that enable many aspects of our digital lives. Due to the popularity of the web, it is also a very common target of cyber attacks that typically focus either on web application itself or on the underlying server infrastructure. Regarding the highest level of the stack - the web application - there are many available frameworks and content management systems (CMS) for rapid web development, from the ones more oriented to developers (e.g. Spring, Django) to the ones that focus on end users (e.g. Wordpress, Joomla). Typical problem with using a framework or a CMS is the need for constant care of its security, which is done by regular patching of the systems. When going a bit lower towards the web server, one can observe the security related features that might or might not be implemented on the server, such as header security (e.g. cookie related flags, force of encryption etc.). The state of all the mentioned parameters can well be obtained by web crawlers that can browse the web and collect specific information about web applications, sites and servers that run them. In this paper, we propose a model for estimating the possibility of web compromise based on the historical crawler collected data. Due to large amounts of data that can be gathered from the web sites and, especially, indication of compromise of particular web sites, we can determine what factors might lead to a compromise in near future. In this sense, we propose a method for analyzing web site data with respect to known compromises from historical data. We build a model that describes a web site's security state and use the method for estimating how secure the modeled web is and how likely it would become a victim of compromise.