An Expert System for Rating Vulnerabilities

Qianjun, Jong (2013) An Expert System for Rating Vulnerabilities. [Final Year Project]


Abstract

Over the past few years, there has been a worrying increase in the number of web
application intrusions. According to reports released by reliable sources, these incidents
are due to a lack of experts able to perform accurate risk assessment to mitigate risk
during web security testing. Risk assessment is the core process in providing
appropriate recommendations when dealing with vulnerabilities discovered in a web
application. This research paper therefore highlights the problem of
insufficient experts to guide less experienced information security analysts in
conducting effective risk assessment. The objective of this research is to design an
expert system that aids less experienced system analysts in conducting accurate risk
assessment in the absence of experts. The expert system will cover the risk rating of
all vulnerabilities included in the OWASP Top 10 2013, and its only target user is the
less experienced information system analyst. The methodology used in the research
is based on the expert system development life cycle model. The main activity
conducted is the construction of the knowledge base of the proposed expert system. Based
on the knowledge and information collected from the internet and from
interviews with experts, the knowledge developer will construct a decision tree that aids
the development of the expert system in a later phase of the research.

Item Type: Final Year Project
Departments / MOR / COE: Sciences and Information Technology > Computer and Information Sciences
Date Deposited: 28 Feb 2014 11:48
Last Modified: 25 Jan 2017 09:38
URI: http://utpedia.utp.edu.my/id/eprint/13520
