Authors: Lyazzat Atymtayeva (1); Serik Nurmyshev (2) and Gulfarida Tulemissova (3)
Affiliations:
(1) Kazakh-British Technical University, Department of Information Systems Management, Kazakhstan;
(2) Kazakh-British Technical University, KBTU, Kazakhstan;
(3) Distance Learning Institute, Satpayev Kazakh National Research Technical University, KazNRTU, Kazakhstan
Keyword(s):
Active Information Security Audit, Vulnerability Scanners, Intelligent Approach, Fuzzy Expert Systems, Information Security Audit, Fuzzy Data Management.
Abstract:
Currently we observe the increasing popularity of web technology, which allows traditional
businesses to be reflected in web-based applications (web applications, for short). Such web applications
are often interesting to hackers aiming at stealing (confidential) user information; they would use such
information for personal gain. To provide a sufficient level of security for computer and information
systems, companies should be interested in regular active information security auditing. This process often
accompanies the checking and control of the security systems of enterprises, but it is usually expensive in
terms of finance, time and human resources. One of the tools for active security audit is the use of
vulnerability scanners, especially for web application security assessment. While checking web
applications, vulnerability scanners discover a lot of bugs in the applications' security systems and
inform the users (auditors) by providing a list of vulnerabilities. Despite the various types of
vulnerability scanners, only a few of them may contain intelligent tools that can facilitate the auditing
process. Therefore, there is a high demand for the development of intelligent security scanners that are
compliant with the de facto security standard of OWASP, the Open Web Application Security Project. We
argue that embedding intelligent tools (expert systems) in such vulnerability scanners would not only
increase effectiveness but would also decrease the cost of an OWASP auditing process. We claim that
using fuzzy set and fuzzy logic theories may facilitate this process with respect to the processing of
human expert contributions.