Background. Between 2016 and 2017, the number of attacks against web applications increased by approximately 21.89 percent. The total number of recorded incidents during 2017 was 6,502. To assure security, patching and scanning are required. This assumes that the company is aware of all its external-facing web applications. The company Outpost24 is observing an increase in requests for a solution capable of finding all external web applications owned by one company.

Objectives. This thesis studies six methods to identify assets owned by one company. The methods are classified into weak and strong indicators. Based on the classifications, two algorithms are developed. The algorithms are executed against two companies, Outpost24 and Company A. The objective is to evaluate the six methods and decide whether they are suitable for retrieving assets owned by one company.

Methods. This study includes two experiments testing the two algorithms on two different companies. The experiments focus on retrieving assets and the data needed to decide on the ownership of the assets. The data observed in the experiments are compared against data known by the two companies to verify whether any of it was unknown to the company prior to the experiment.

Results. The results show that the identified methods are suitable both for identifying assets and for deciding upon ownership. Furthermore, it was possible to identify assets not previously known. The results from the two methods are visualized as two node maps, providing an overview of identified assets.

Conclusions. It was concluded that there are methods that are useful when extracting assets from one given asset, and there are methods useful for extracting data used when deciding upon the owner. The methods will assist companies in raising their own awareness of their external-facing assets, and in some cases identify assets which were previously unknown to them.
Identifier | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:bth-16579 |
Date | January 2018 |
Creators | Sigurdsson, Victoria |
Publisher | Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |