Publisher: Defence Scientific Information & Documentation Centre
Abstract: The attack surface of a system is the amount of application area that is exposed to adversaries. The overall vulnerability of a web application can be reduced by reducing its attack surface. In this paper, we consider the web components of two versions of an in-house developed project management web application. The attack surface was calculated before and after Open Web Application Security Project (OWASP) compliance, based on a security audit, to determine and then compare the security of this Project Management Application. OWASP is an open community that provides free tools and guidelines for application security. It was observed that the attack surface of the software was reduced by 45 per cent once it was made OWASP compliant. The vulnerable surface exposed by the code even after OWASP compliance was due to the mandatory access points left in the software to ensure accessibility over a network. Defence Science Journal, 2012, 62(5), pp. 324-330, DOI: http://dx.doi.org/10.14429/dsj.62.1291
Keywords: Attack surface, DRDO Intranet, project management, open web application security project, security audit, security compliance