Abstract: In large organizations with a vast number of in-house developed web applications, identifying security weaknesses (vulnerabilities) is not a major challenge, because automated tools utilizing various techniques, such as Taint Analysis and Data Flow Analysis, are capable of identifying millions of vulnerabilities in applications' source code based on the OWASP Top 10 classification. One of the main issues challenging security analysts is the prioritization and classification of vulnerabilities. While the assessment tools will provide “lists of vulnerabilities classified by the OWASP Top 10 or some other compliance-oriented scheme” (Laura Bell, 2017), it is still not practical to address risk mitigation of web applications in a timely manner. Most security teams would prefer to address remediation first for the business-critical applications that manage confidential data. An example could be a B2B website that handles financial transactions. But adopting this approach will leave other, more popular websites that handle less sensitive information at the bottom of the remediation list.
Keywords: In-house developed applications, business-critical applications, web-page utilization, reprioritize remediation.
Title: How to Prioritize Remediation of Cybersecurity Weaknesses in Web Applications
Authors: Wael M. Alagi, Sultan AlSharif
International Journal of Computer Science and Information Technology Research
ISSN 2348-1196 (print), ISSN 2348-120X (online)
Research Publish Journals