Mapping and Analysis of Common Vulnerabilities in Popular Web Servers
Swedish Def Res Agcy FOI, Sweden.
Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
Swedish Def Res Agcy FOI, Sweden.
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering. ORCID iD: 0000-0002-1485-0802
2024 (English). In: CRITICAL INFORMATION INFRASTRUCTURES SECURITY, CRITIS 2023, SPRINGER INTERNATIONAL PUBLISHING AG, 2024, Vol. 14599. Conference paper, Published paper (Refereed)
Abstract [en]

The digitalization of the modern society has made many organizations susceptible to cybercrime through exploitations of software vulnerabilities. The popular web servers Apache HTTP and Nginx make up around 65% of the market for web server software and power the majority of all websites on the internet. Vulnerabilities that occur in these two software programs therefore pose a significant risk to the millions of users. This paper maps the most common vulnerability types in these web servers by retrieving, filtering, and analyzing information related to around 195,000 reported vulnerabilities. The results not only show that 5 vulnerability types according to the NIST classification, namely CWE-20, CWE-200, CWE-22, CWE-79, and CWE-787, account for almost 25% of all reported vulnerabilities in Apache HTTP and Nginx, but also that these vulnerability types are commonly found in other web software as well. The outcomes of this study are useful for constructing proof-of-concept insecurity demonstrations and for applying in awareness exercises and cybersecurity education.

Place, publisher, year, edition, pages
SPRINGER INTERNATIONAL PUBLISHING AG, 2024. Vol. 14599
Series
Lecture Notes in Computer Science, ISSN 0302-9743
Keywords [en]
Cybersecurity; Demonstration; Vulnerability; Web; Server; NVD; CVE
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:liu:diva-207478
DOI: 10.1007/978-3-031-62139-0_1
ISI: 001273647500001
ISBN: 9783031621383 (print)
ISBN: 9783031621390 (electronic)
OAI: oai:DiVA.org:liu-207478
DiVA, id: diva2:1896510
Conference
18th International Conference on Critical Information Infrastructures Security (CRITIS), Helsinki, Finland, Sep 13-15, 2023
Note

Funding Agencies: Resilient Information and Control Systems (RICS) - Swedish Civil Contingencies Agency (MSB)

Available from: 2024-09-10 Created: 2024-09-10 Last updated: 2024-09-10

Open Access in DiVA

No full text in DiVA

By author/editor
Can, Johan; Nadjm-Tehrani, Simin