An Intelligent Approach and Data Management in Active Security Auditing Processes for Web Based Applications

Lyazzat Atymtayeva, Serik Nurmyshev, Gulfarida Tulemissova

2017

Abstract

Web technology is growing in popularity because it allows traditional businesses to be mirrored in web-based applications (web applications, for short). Such web applications are attractive to hackers who aim to steal (confidential) user information and use it for personal gain. To provide an adequate level of security for their computer and information systems, companies should be interested in regular active information security auditing. This process often accompanies the checking and control of enterprise security systems, but it is usually expensive in terms of money, time and human resources. One of the tools for active security auditing is the vulnerability scanner, used especially for assessing the security of web applications. While checking a web application, a vulnerability scanner discovers many bugs in the application's security system and informs the users (auditors) by providing a list of vulnerabilities. Despite the variety of vulnerability scanners, only a few of them contain intelligent tools that can facilitate the auditing process. Therefore, there is a high demand for the development of intelligent security scanners that are compliant with the de facto security standard of OWASP, the Open Web Application Security Project. We argue that embedding intelligent tools (expert systems) in such vulnerability scanners would not only increase effectiveness but would also decrease the cost of an OWASP auditing process. We claim that using fuzzy set and fuzzy logic theories may facilitate this process with respect to processing the contributions of human experts.


Paper Citation


in Harvard Style

Atymtayeva L., Nurmyshev S. and Tulemissova G. (2017). An Intelligent Approach and Data Management in Active Security Auditing Processes for Web Based Applications. In Proceedings of the Seventh International Symposium on Business Modeling and Software Design - Volume 1: BMSD, ISBN 978-989-758-238-7, pages 136-145. DOI: 10.5220/0006528201360145


in Bibtex Style

@conference{bmsd17,
author={Lyazzat Atymtayeva and Serik Nurmyshev and Gulfarida Tulemissova},
title={An Intelligent Approach and Data Management in Active Security Auditing Processes for Web Based Applications},
booktitle={Proceedings of the Seventh International Symposium on Business Modeling and Software Design - Volume 1: BMSD,},
year={2017},
pages={136-145},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006528201360145},
isbn={978-989-758-238-7},
}


in EndNote Style

TY - CONF

JO - Proceedings of the Seventh International Symposium on Business Modeling and Software Design - Volume 1: BMSD,
TI - An Intelligent Approach and Data Management in Active Security Auditing Processes for Web Based Applications
SN - 978-989-758-238-7
AU - Atymtayeva L.
AU - Nurmyshev S.
AU - Tulemissova G.
PY - 2017
SP - 136
EP - 145
DO - 10.5220/0006528201360145