Development of a tool for web server risk assessment using CVE and HTTP request / Kiart Piromsopa
Risk assessment is a key component of computer system management in the information era. It provides useful information for handling potential problems. Currently, web servers play an important role in providing information services over the Internet. If a web server's security is not constantly kept up to date, it may be attacked, which could result in business loss. The objective of this thesis is to develop an application program for web server risk assessment. The research primarily focuses on the CVE entries of two commonly used web servers, Apache and IIS, for vulnerability risk assessment. It proposes levels of impact classified by loss type: confidentiality, integrity and availability. Moreover, the probabilities of vulnerability occurrence in the experimental units are calculated as a basis for risk assessment. The samples are randomly selected from the population of web servers in one organization and from the population of web servers with domain names registered in Thailand. This research also develops a tool that uses the HTTP protocol to query data from a web server for risk assessment. The data is processed to assess related faults and then used to assess the risk of the web server. The developed tool can also compare the risk value of one target group with that of another group of web servers predefined in the program. Our experimental results show that the majority of web servers in Thailand have their highest security risk in confidentiality. They could therefore disclose their confidential data to unauthorized users.