ANALYSIS OF THE PROBLEMS OF USING EXISTING WEB VULNERABILITY STANDARDS
DOI: https://doi.org/10.28925/2663-4023.2023.22.96112
Abstract
In today's digital environment, the security of web resources is of primary importance because the number of web vulnerabilities keeps growing, creating potential risks for users and businesses. In this context, standards and methodologies for detecting web vulnerabilities serve as a key tool for identifying and eliminating them. The two leading standards in this area, the OWASP Top 10 and CWE (Common Weakness Enumeration), provide detailed recommendations and overviews of common vulnerabilities, but they differ in how they classify and assess vulnerabilities. This article presents an in-depth analysis and comparison of these standards and identifies their advantages and limitations. The main goal is to develop recommendations for optimizing the use of these standards, adapted to the specific needs of organizations, in order to ensure a higher level of security for web resources.
License
Copyright (c) 2023 Петро Петрів, Іван Опірський
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.