The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
While websites are becoming more and more complex daily, the difficulty of managing them is also increasing. It is important to conduct regular maintenance against these complex websites to strengthen their security and improve their cyber resilience. However, misconfigurations and vulnerabilities are still being discovered on some pages of websites and cyberattacks against them are never-ending. In this paper, we take the novel approach of applying the concept of security governance to websites; and, as part of this, measuring the consistency of software settings and versions used on these websites. More precisely, we analyze multiple web pages with the same domain name and identify differences in the security settings of HTTP headers and versions of software among them. After analyzing over 8,000 websites of popular global organizations, our measurement results show that over half of the tested websites exhibit differences. For example, we found websites running on a web server whose version changes depending on access and using a JavaScript library with different versions across over half of the tested pages. We identify the cause of such governance failures and propose improvement plans.
Yuta TAKATA
Deloitte Tohmatsu Cyber LLC
Hiroshi KUMAGAI
Deloitte Tohmatsu Cyber LLC
Masaki KAMIZONO
Deloitte Tohmatsu Cyber LLC
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Yuta TAKATA, Hiroshi KUMAGAI, Masaki KAMIZONO, "The Uncontrolled Web: Measuring Security Governance on the Web" in IEICE TRANSACTIONS on Information, vol. E104-D, no. 11, pp. 1828-1838, November 2021, doi: 10.1587/transinf.2021NGP0003.
Abstract: While websites are becoming more and more complex daily, the difficulty of managing them is also increasing. It is important to conduct regular maintenance against these complex websites to strengthen their security and improve their cyber resilience. However, misconfigurations and vulnerabilities are still being discovered on some pages of websites and cyberattacks against them are never-ending. In this paper, we take the novel approach of applying the concept of security governance to websites; and, as part of this, measuring the consistency of software settings and versions used on these websites. More precisely, we analyze multiple web pages with the same domain name and identify differences in the security settings of HTTP headers and versions of software among them. After analyzing over 8,000 websites of popular global organizations, our measurement results show that over half of the tested websites exhibit differences. For example, we found websites running on a web server whose version changes depending on access and using a JavaScript library with different versions across over half of the tested pages. We identify the cause of such governance failures and propose improvement plans.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021NGP0003/_p
@ARTICLE{e104-d_11_1828,
author={Yuta TAKATA and Hiroshi KUMAGAI and Masaki KAMIZONO},
journal={IEICE TRANSACTIONS on Information},
title={The Uncontrolled Web: Measuring Security Governance on the Web},
year={2021},
volume={E104-D},
number={11},
pages={1828-1838},
abstract={While websites are becoming more and more complex daily, the difficulty of managing them is also increasing. It is important to conduct regular maintenance against these complex websites to strengthen their security and improve their cyber resilience. However, misconfigurations and vulnerabilities are still being discovered on some pages of websites and cyberattacks against them are never-ending. In this paper, we take the novel approach of applying the concept of security governance to websites; and, as part of this, measuring the consistency of software settings and versions used on these websites. More precisely, we analyze multiple web pages with the same domain name and identify differences in the security settings of HTTP headers and versions of software among them. After analyzing over 8,000 websites of popular global organizations, our measurement results show that over half of the tested websites exhibit differences. For example, we found websites running on a web server whose version changes depending on access and using a JavaScript library with different versions across over half of the tested pages. We identify the cause of such governance failures and propose improvement plans.},
keywords={},
doi={10.1587/transinf.2021NGP0003},
ISSN={1745-1361},
month={November},}
TY - JOUR
TI - The Uncontrolled Web: Measuring Security Governance on the Web
T2 - IEICE TRANSACTIONS on Information
SP - 1828
EP - 1838
AU - Yuta TAKATA
AU - Hiroshi KUMAGAI
AU - Masaki KAMIZONO
PY - 2021
DO - 10.1587/transinf.2021NGP0003
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E104-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2021
AB - While websites are becoming more and more complex daily, the difficulty of managing them is also increasing. It is important to conduct regular maintenance against these complex websites to strengthen their security and improve their cyber resilience. However, misconfigurations and vulnerabilities are still being discovered on some pages of websites and cyberattacks against them are never-ending. In this paper, we take the novel approach of applying the concept of security governance to websites; and, as part of this, measuring the consistency of software settings and versions used on these websites. More precisely, we analyze multiple web pages with the same domain name and identify differences in the security settings of HTTP headers and versions of software among them. After analyzing over 8,000 websites of popular global organizations, our measurement results show that over half of the tested websites exhibit differences. For example, we found websites running on a web server whose version changes depending on access and using a JavaScript library with different versions across over half of the tested pages. We identify the cause of such governance failures and propose improvement plans.
ER -