Report: Measuring the Attack Surfaces of Enterprise Software
نویسندگان
چکیده
Software vendors are increasingly concerned about mitigating the security risk of their software. Code quality improvement is a traditional approach to mitigate security risk; measuring and reducing the attack surface of software is a complementary approach. In this paper, we apply a method for measuring attack surfaces to enterprise software written in Java. We implement a tool as an Eclipse plugin to measure an SAP software system’s attack surface in an automated manner. We demonstrate the feasibility of our approach by measuring the attack surfaces of three versions of an SAP software system. We envision our measurement method and tool to be useful to software developers for improving software security and quality.
منابع مشابه
Measuring the Attack Surfaces of SAP Business Applications
Software vendors such as SAP are increasingly concerned about mitigating the security risk of their software. Code quality improvement is a traditional approach to mitigate security risk; measuring and reducing the attack surface of software is a complementary approach. In this paper, we introduce a method for measuring the attack surfaces of SAP business applications implemented in Java. We im...
متن کاملTowards Measuring the Project Management Process During Large Scale Software System Implementation Phase
Project management is an important factor to accomplish the decision to implement large-scale software systems (LSS) in a successful manner. The effective project management comes into play to plan, coordinate and control such a complex project. Project management factor has been argued as one of the important Critical Success Factor (CSF), which need to be measured and monitored carefully duri...
متن کاملAn Approach to Measuring A System’s Attack Surface
Practical software security measurements and metrics are critical to the improvement of software security. We propose a metric to determine whether one software system is more secure than another similar system with respect to their attack surface. We use a system’s attack surface measurement as an indicator of the system’s security; the larger the attack surface, the more insecure the system. ...
متن کاملAssessing Attack Surface with Component-Based Package Dependency
Package dependency has been considered in many vulnerability assessment systems. However, existing approaches are either coarse-grained and do not accurately reveal the influence and severity of vulnerabilities, or do not provide comprehensive (both incoming and outgoing) analysis of attack surface through package dependency. We propose a systematic approach of measuring attack surface exposed ...
متن کاملSome Vulnerabilities Are Different Than Others - Studying Vulnerabilities and Attack Surfaces in the Wild
The security of deployed and actively used systems is a moving target, influenced by factors not captured in the existing security metrics. For example, the count and severity of vulnerabilities in source code, as well as the corresponding attack surface, are commonly used as measures of a software product’s security. But these measures do not provide a full picture. For instance, some vulnerab...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009