A Risk Assessment of Web Server: Impact Classification by Loss Type

K. Piromsopa, T. Rojkangsadan, and N. Prompoon (Thailand)


Risk Management, Web Server, Vulnerability, Secure


Risk assessment is required by many organizations as a basis for deciding which solutions are to be implemented to secure systems. A variety of risk assessment techniques and tools have been developed. Concerning the usage of web server in real world applications, this paper proposes architecture for web server risk assessment. The architecture is based on CVE (Common Vulnerabilities and Exposures). Regarding the concerned components of computer security, the weighted impact is classified into confidentiality, integrity and availability. The developed tool used in this paper collects the related information via Hypertext Transfer Protocol (HTTP). The web server error risk is calculated from the collected information. The last part of this paper is the comparison of the risk value of web server under the different domains in Thailand.

Important Links:

Go Back