ANALYSIS OF THE PROBLEMS OF USING EXISTING WEB VULNERABILITY STANDARDS

DOI:

https://doi.org/10.28925/2663-4023.2023.22.96112

Abstract

In today's digital environment, the security of web resources is of primary importance due to the constant increase in the number of web vulnerabilities. This creates potential risks for users and businesses. In this context, standards and methodologies for detecting web vulnerabilities serve as a key tool in their identification and elimination. The two leading standards in this area, OWASP Top 10 and CWE (Common Weakness Enumeration), provide detailed recommendations and overviews of common vulnerabilities. However, they differ in their approaches to vulnerability classification and assessment. This article focuses on an in-depth analysis and comparison of these standards, identifying their advantages and limitations. The main goal is to develop recommendations to optimize the use of these standards, adapted to the specific needs of organizations, to ensure a higher level of security of web resources.

Published

2023-12-28

How to Cite

Petriv, P., & Opirskyy, I. (2023). ANALYSIS OF THE PROBLEMS OF USING EXISTING WEB VULNERABILITY STANDARDS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 2(22), 96–112. https://doi.org/10.28925/2663-4023.2023.22.96112
