Software security analysis and assessment model for the web-based applications

Abstract

For web-based applications, a security analysis was conducted in order to identify software vulnerabilities and develop a new security assessment model. During such an analysis, the major security vulnerabilities observed in the open web proxy honeypot during the data collection time from February to March 2005 were computer worm attacks in Code Red and Nimda, AWSTAT attacks, unauthorized access request (HTTP error code 403), MS-SQL version overflow attacks, etc. To develop the security assessment model, we extended the generic security model for a single component system to multiple components using the multidimensional Markov process model. The resulting model was applied to the most popular software systems. The software system availability in security is computed using real data, and the mean time to security failure is calculated. This paper not only provides the software vulnerability analysis of the web-based applications, but also details the software security assessment for multiple component systems.