Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
%0 Journal Article
%1 noauthororeditor
%A Etzkorn, Mohammad Shojaeshafiei Letha
%A Anderson, Michael
%D 2020
%J International Journal of Computer Networks & Communications (IJCNC)
%K analytic applications cybersecurity fuzzy goal hierarchy logic metrics process question vulnerability web
%N 4
%P 105-123
%R 10.5121/ijcnc.2020.12407
%T Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilities of Web Applications
%U https://aircconline.com/ijcnc/V12N4/12420cnc07.pdf
%V 12
%X Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
@article{noauthororeditor,
abstract = {Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.},
added-at = {2020-09-16T07:54:37.000+0200},
author = {Etzkorn, Mohammad Shojaeshafiei Letha and Anderson, Michael},
biburl = {https://www.bibsonomy.org/bibtex/21d2c3ac0e887c72134cf91209ae50203/laimbee},
doi = {10.5121/ijcnc.2020.12407},
interhash = {25a299509a04c73b8106ddd7ba258f88},
intrahash = {1d2c3ac0e887c72134cf91209ae50203},
issn = {0974 - 9322},
journal = {International Journal of Computer Networks & Communications (IJCNC)},
keywords = {analytic applications cybersecurity fuzzy goal hierarchy logic metrics process question vulnerability web},
language = {English},
month = {july},
number = 4,
pages = {105-123},
timestamp = {2020-09-16T07:54:37.000+0200},
title = {Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilities of Web Applications},
url = {https://aircconline.com/ijcnc/V12N4/12420cnc07.pdf},
volume = 12,
year = 2020
}