Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results

2021-01-01
Sonmez, Ferda Ozdemir
Günel Kılıç, Banu
As the number of web applications, and the number and sophistication of the threats against them, increase, creating new tools that are efficient and accessible becomes essential. Although much research concentrates on network security visualizations, only a few studies consider the possible visualization options for web application vulnerabilities. To fill this gap, this research centers on a novel perception configuration intended to improve web application vulnerability monitoring. This study forms a generic data structure based on data sources that can be readily associated and are commonly available for the majority of web applications. The primary contribution of this study is a new dashboard tool for visualizing dynamic application security test results. Another contribution is the set of metrics/measures that the tool presents. The paper also describes a validation study in which participants answered quiz questions after using the tool prototype. For the case study, sample data were generated using the OWASP ZAP scanner tool, and a prototype was implemented for validation purposes. This study allows the investigation of fifty metrics/measures for the multi-project/multi-phase environment, which is most beneficial when the user aims to monitor the results of a series of analyses, and the changes between them, for more than one web project.

Citation Formats
F. O. Sonmez and B. Günel Kılıç, “Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results,” IEEE Access, pp. 25858–25884, 2021, Accessed: 00, 2021. [Online]. Available: https://hdl.handle.net/11511/89160.