Return to search

Analys av sårbarheter från national vulnerability databas / Analysis of vulnerabilities from national vulnerability database

Today, digital development is happening at such a high rate that security is not as prioritized as it should be. When security is prioritized away, there is a high risk that vulnerabilities arise that malicious actors would like to exploit. It can be for accessing sensitive information, financial gain or simply bringing harm. In order for IT-security personnel to be able to more easily prevent and focus efforts on the vulnerabilities that are current today, this study aims to answer the following question: What is the trend of the most prevalent vulnerabilities? What is the trend of product owners with the most vulnerabilities? What is the trend based on the severity linked to the vulnerabilities? What is the trend of the impact on confidentiality, integrity, and accessibility? To answer the questions, a quantitative data analysis was done on the database from the National Vulnerability Database (NVD) together with the dataset from the Common Weakness Enumeration (CWE). The data set from CWE has been used to name and classify the vulnerabilities in NVD. Trends that have been identified in the analysis are as follows: injection, insufficient data authentication and uncontrolled resource consumption are vulnerabilities that have increased percentage every year since 2016. The impact of availability on the reported vulnerabilities declines as a percentage over the years. Vulnerabilities with a high impact on integrity, accessibility and confidentiality has decreased as a percentage.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:du-35127
Date January 2020
CreatorsBlomberg, Dennis
PublisherHögskolan Dalarna, Mikrodataanalys
Source SetsDiVA Archive at Upsalla University
LanguageSwedish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0022 seconds