Detection of Configuration Vulnerabilities in Distributed (Web) Environments
Many tools and libraries are readily available to build and operate
distributed Web applications. While the setup of operational environments is
comparatively easy, practice shows that their continuous secure operation is
more difficult to achieve, many times resulting in vulnerable systems exposed
to the Internet. Authenticated vulnerability scanners and validation tools
represent a means to detect security vulnerabilities caused by missing patches
or misconfiguration, but current approaches center much around the concepts of
hosts and operating systems. This paper presents a language and an approach for
the declarative specification and execution of machine-readable security checks
for sets of more fine-granular system components depending on each other in a
distributed environment. Such a language, building on existing standards,
fosters the creation and sharing of security content among security
stakeholders. Our approach is exemplified by vulnerabilities of and
corresponding checks for Open Source Software commonly used in today's Internet
applications.

Comment: 18 pages. To appear in Proc. of Security and Privacy in Communication
Networks - 8th International ICST Conference, SecureComm, 201