Радіоелектронні і комп'ютерні системи (Oct 2018)

APPLYING OF ATTACK TREES FOR ESTIMATION THE PROBABILITY OF A SUCCESSFUL ATTACK OF THE WEB-APPLICATION

  • Артём Григорьевич Тецкий

DOI
https://doi.org/10.32620/reks.2018.3.08
Journal volume & issue
Vol. 0, no. 3
pp. 74 – 79

Abstract

The development of technologies is expanding the range of services provided on the Internet, and online business is actively developing. As a rule, when a new Web resource is created for a business, the main emphasis is on standing out among competitors' sites. Often, the owners of Web resources understand the possible consequences of a cyber incident only after their resource has been attacked. This paper discusses the frequent causes of attacks on Web applications created with content management systems. A content management system allows sites to be created without directly writing code. The main sources of information about frequent security problems of Web resources are documents from the organizations OWASP, SANS, and Positive Technologies. Due to the high activity of intruders, it is necessary to create methods for assessing the security of a Web application and methods for countering attacks. The paper substantiates the need to assess the probability of a successful attack on a Web application. In practice, it is impossible to determine all possible attack scenarios, because each Web application has its own functionality. The frequent attack scenarios on which the attack tree was built are investigated. The probabilities of basic events are estimated using expert assessments based on the results of a preliminary set of measures carried out to identify security problems. The developed security assessment method makes it possible to consider not only possible vulnerabilities in the source code but also possible security policy violations. The proposed method can be applied by business entities working in the field of information security when choosing security measures for a particular Web application. A further direction of research is the development of a method for choosing countermeasures based on the described method. The method should demonstrate the effect of each countermeasure on the probability of a successful attack.

Keywords