Submit Search
Upload
Vulnerability Management System
•
0 likes
•
6 views
IRJET Journal
Follow
https://www.irjet.net/archives/V9/i9/IRJET-V9I9172.pdf
Read less
Read more
Engineering
Report
Share
Report
Share
1 of 6
Download now
Download to read offline
Recommended
A Study on Vulnerability Management
A Study on Vulnerability Management
IRJET Journal
IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing Suite
IRJET Journal
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability Assessment
VESIT/University of Mumbai
Vulnerability Management in IT Infrastructure
Vulnerability Management in IT Infrastructure
IRJET Journal
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET Journal
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET Journal
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEM
IRJET Journal
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
IJTET Journal
Recommended
A Study on Vulnerability Management
A Study on Vulnerability Management
IRJET Journal
IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing Suite
IRJET Journal
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability Assessment
VESIT/University of Mumbai
Vulnerability Management in IT Infrastructure
Vulnerability Management in IT Infrastructure
IRJET Journal
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET Journal
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET Journal
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEM
IRJET Journal
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
IJTET Journal
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
todd521
Web Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and Discussion
EECJOURNAL
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
IRJET Journal
Self-Protecting Technology for Web Applications
Self-Protecting Technology for Web Applications
IRJET Journal
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
jeanettehully
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
todd521
Research Paper
Research Paper
David Chaponniere
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
ElanusTechnologies
Web app penetration testing best methods tools used
Web app penetration testing best methods tools used
Zoe Gilbert
Globally.docx
Globally.docx
GermanERuizCorrales
IRJET- Android Malware Detection System
IRJET- Android Malware Detection System
IRJET Journal
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
YogeshIJTSRD
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
Bhagyashri Chalakh
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
martinvoelk
Vulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
IRJET Journal
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
IRJET Journal
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
eSAT Publishing House
IRJET- 3 Juncture based Issuer Driven Pull Out System using Distributed Servers
IRJET- 3 Juncture based Issuer Driven Pull Out System using Distributed Servers
IRJET Journal
Contending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security Model
IRJET Journal
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
IRJET Journal
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
IRJET Journal
More Related Content
Similar to Vulnerability Management System
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
todd521
Web Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and Discussion
EECJOURNAL
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
IRJET Journal
Self-Protecting Technology for Web Applications
Self-Protecting Technology for Web Applications
IRJET Journal
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
jeanettehully
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
todd521
Research Paper
Research Paper
David Chaponniere
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
ElanusTechnologies
Web app penetration testing best methods tools used
Web app penetration testing best methods tools used
Zoe Gilbert
Globally.docx
Globally.docx
GermanERuizCorrales
IRJET- Android Malware Detection System
IRJET- Android Malware Detection System
IRJET Journal
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
YogeshIJTSRD
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
Bhagyashri Chalakh
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
martinvoelk
Vulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
IRJET Journal
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
IRJET Journal
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
eSAT Publishing House
IRJET- 3 Juncture based Issuer Driven Pull Out System using Distributed Servers
IRJET- 3 Juncture based Issuer Driven Pull Out System using Distributed Servers
IRJET Journal
Contending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security Model
IRJET Journal
Similar to Vulnerability Management System
(20)
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Web Applications Assessment Tools: Comparison and Discussion
Web Applications Assessment Tools: Comparison and Discussion
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
Self-Protecting Technology for Web Applications
Self-Protecting Technology for Web Applications
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Research Paper
Research Paper
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
Web app penetration testing best methods tools used
Web app penetration testing best methods tools used
Globally.docx
Globally.docx
IRJET- Android Malware Detection System
IRJET- Android Malware Detection System
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
Vulnerability , Malware and Risk
Vulnerability , Malware and Risk
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
IRJET- 3 Juncture based Issuer Driven Pull Out System using Distributed Servers
IRJET- 3 Juncture based Issuer Driven Pull Out System using Distributed Servers
Contending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security Model
More from IRJET Journal
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
IRJET Journal
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
IRJET Journal
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
IRJET Journal
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil Characteristics
IRJET Journal
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
IRJET Journal
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
IRJET Journal
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
IRJET Journal
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
IRJET Journal
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADAS
IRJET Journal
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
IRJET Journal
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
IRJET Journal
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
IRJET Journal
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare System
IRJET Journal
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridges
IRJET Journal
React based fullstack edtech web application
React based fullstack edtech web application
IRJET Journal
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
IRJET Journal
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
IRJET Journal
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
IRJET Journal
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
IRJET Journal
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
IRJET Journal
More from IRJET Journal
(20)
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil Characteristics
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADAS
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare System
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridges
React based fullstack edtech web application
React based fullstack edtech web application
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Recently uploaded
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
Asst.prof M.Gokilavani
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptx
vipinkmenon1
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
RajaP95
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
jennyeacort
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
9953056974 Low Rate Call Girls In Saket, Delhi NCR
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
ranjana rawat
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
Suhani Kapoor
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
null - The Open Security Community
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
959SahilShah
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
ssuser7cb4ff
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
DeelipZope
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
PoojaBan
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
KurinjimalarL3
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
VICTOR MAESTRE RAMIREZ
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Dr.Costas Sachpazis
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
eptoze12
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
Suhani Kapoor
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Anamika Sarkar
Recently uploaded
(20)
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptx
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Vulnerability Management System
1.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 976 Vulnerability Management System Pravin P. Kharat1, Prof. Pramila M. Chawan2 1M. Tech Student, Dept of Computer Engineering and IT, VJTI College, Mumbai, Maharashtra, India 2Associate Professor, Dept of Computer Engineering and IT, VJTI College, Mumbai, Maharashtra, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - In simple terms, a vulnerability in cyber security refers to any fault or flaw, or weakness in an information system, internal controls, or system processes of an organization. It can also be defined as a flaw or a fault in the source code design which determines the application malfunctions. Therefore, a good Vulnerability Management plan should be implemented to avoid attacks on the system or to minimize the damages produced by a cyberattack.Toavoid such damages manual source code inspections or security audits are performed, which requires highly trained cyber security engineers, and it requiresmoretime, which isproneto errors. For this reason, there is a need to automate such processes to discover vulnerabilities. This results in the implementation of the Vulnerability Management System, which will automate security testing for the identification of vulnerabilities caused in the software products. Key Words: Vulnerability, Vulnerability Management System, Algorithm, Software testing, Web based application. 1. INTRODUCTION Many organizations have embraced the technologiessuchas software applications, web applications, software products, and many more to explore their new business opportunities and few organizations are beingforcedtoadopte-commerce due to advancementsinsoftwaretechnologies,customers,or competitors. Software applications and web applications have been gaining popularity day by day, and these applications come up with different components which are highly complex and written bydifferentsoftwaredevelopers in different smaller chunks. Most of these applications failto give proper output due to untreated cases or flaws. Therefore, the software application or Operating system which contains untreated cases, flaws, or weaknesses are known as software vulnerabilities. Later, the flaws in the source code of the application can be exemplifiedasanentry point for the hacker and can be treated as a software vulnerability. Despite all the security measures, the number of vulnerabilities discovered continues to grow as the number of users using the internet has increased. Any device which contains software functions can tend to have source code errors, logical errors, and flaws. Thus, the existence of detection techniquesismandatoryforsoftwarevulnerability remediation as well as prevention. To avoid such situations manual testing, security audits, or code inspections are to be performed by highly skilled cyber security engineers or experts. But as it is labour intensive and expensive and prone to errors; automating the above steps to discover respective vulnerabilities for the software applications is required. 1.1 Software Vulnerabilities An error or a flaw or a weakness of the application's source code that an attacker or a hacker can take advantage of is known as software vulnerability. These errors tend to make the system function abnormally and undesirable actions. These flaws or errors in code may arise due to the lack of knowledge of the developer or programmer who is developing the software application. These flawsmayleadto system crashes, loss of data, reputational damage, major damage to the targeted system, loss of customers, personal data being exposed, etc. 1.2 Types of Vulnerabilities The common security goals i.e., confidentiality, availability, integrity, non-repudiation, and usability, can be affected by the software vulnerabilities. Following listed below are cyberattacks associated with software vulnerabilities: Phishing: Phishing is a cyberattack that attempts to steal sensitive information.Thissensitiveinformationcanbelogin credentials and credit card details. This attack can also be a form of social engineering where an attackertriestomislead the user into clicking a maliciouslink created bytheattacker, downloading some malicious attachments, or revealing sensitive data. DDoS Attacks: Distributed denial of service attack is an attempt to spoil an online service or a website or a server or network by making it unavailable by sending many access requests that it cannot manage. Computer Viruses: Computer code or a program that modifies the way a computer behaves is known as Viruses. They are meant to spread through contaminated data, files, and insecure networks. And once it enters the system, it can replicate and spread from one programtoanotherandinfect other computer systems also.
2.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 977 Attack Vectors: Attack vector is a malicious term used to discover system vulnerability points, launchcyberattacksor install malicious software. Following are the four important attack vectors: Drive-by, Zero-day attack, MITM (man in the middle), SQL Injection. Vulnerability Management System is not only intended to identify and evaluate vulnerability, but it will alsogeneratea detail report which will report of the vulnerability point found in the software application which will be tested. 2. LITERATURE REVIEW In thissection summarization oftheexistingresearchworkis done. A new vulnerable management system will be created based on the existing work with additional functionality. Mădălina Aldea.[1] The author in this paper has introduceda new vulnerability management system i.e., SV – IMS – Software Vulnerability Integrated Management System.This system can perform security tests to detect software vulnerabilities and the result of this test can be viewed upon a dedicated platform. It also gives defines the CVSS i.e., Common Vulnerability Scoring System, which is an international scoring system that describes how severe a vulnerability is. Robert A. Martin.[2] The author in this research paper describes Common Vulnerability Exposure (CVE) and Open Vulnerability Assessment Language (OVAL) which are a pair of international, community-based efforts amongstindustry, government, and academia. Where CVE is aimed to create a means for making vulnerability alerts more applicable to individual enterprises and OVAL is aimed to provide the means for standardized vulnerability assessment and result in uniform and standardized information assurance parameters for systems. GeonLyang Kim.[3] The author of this research paper has introduced a new method for constructing and managing Vulnerabilities by creating a vulnerability database. In this research work,a new National VulnerabilityDatabase(NDV) system is created which can be used by various enterprises. While referring a new vulnerability found can also be registered in the NVD system. Manoj Kumar.[4] In this author proposed a framework that uses a knowledge base and inference engine. Using this the vulnerability management automatically takes required actions, classifies, prioritizes,and mitigatesthevulnerability. The proposed system reduces the threats, security risks,and reputational and Monterey loss. Chee-Wooi Ten.[5] This Author has proposed a Vulnerability assessment framework that evaluatesthevulnerabilityofthe SCADA system. This is done at three levels – System, Scenarios, and access points. This framework is based on the system which has firewall and password models. This proposed framework also evaluates the impact of the attack launched and countermeasures are identified for improvement of cyber security. Jan-Min Chen.[6] In this paper, the author has implemented an automated vulnerability scanner that identifies the injection attack vulnerabilities. This system automatically examines the website to find the XSS and SQL injection vulnerabilities. The proposed system also uses NVD i.e., National Vulnerability Database. Andrey Fedorchenko.[7] In this research paper, the author has proposed the process of integrating a vulnerability database system. Thisintegrateddatabasecanbeusedforthe further application of security systems. In this paper, the structureof the vulnerabilities databaseissuggested,andthe process of vulnerabilities database generation is suggested. 3. PROPOSED SYSTEM 3.1 Problem Statement To developa VulnerabilityManagement System(VMS)which will detect vulnerability using source code and Binary code analysis of the software product and also analyze the intensity of the vulnerability found. 3.2 Proposed Methodology A hybrid algorithm is developed which automates the process of scanning software applications. The majorgoal of the proposed algorithm is to automate and increase the accuracy of vulnerability detection. Although theaccuracyis not achieved at 100% but an effort is made to put up the proposed system above the existing systems. The proposed hybrid algorithm is similar to the existing algorithms. The OWASP results are considered with the output for better reasoning andunderstanding.OWASPresultsareupdatedon the regular basis to avoid any inconvenience. The proposed system’s hybrid algorithm is mainly based on the concept of combining different features which are of different components. This will result in the new algorithm which will give more impactful results on the respective scans. Therefore, the combination of such features from different components has been done based on optimization and sophistication among other componentswiththegoal of increasing the accuracy or efficiency ofthehybridalgorithm. The Hybrid algorithm mainly consists of five phases i.e., Inspection, Scanning, Attack Detection, Analysis, and Reporting. The inspection which can also be called crawling, mainly focuses on fetching information about the application. The more informationgatheredinthisphasethe more successful the entire executed scan will be.Afterphase 1, phase 2 consists of scanning. Scanning is the process in which the algorithm will identify the weaknessofthesystem on which the scan is been initiated. Once the scanning
3.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 978 process is completed, the next step will be to identify the attacks or vulnerabilities and perform an analysistoidentify the vulnerability definition and remediation methods. Later Reporting phase is initiated to generate a well informative report for the scan which was performed. Fig -1: Component of VMS A detailed description of the flow for the developed Hybrid algorithm: Fig -2: Flowchart for VMS The initial stage accordingtothephasediagramisinspection which can be called as requirementorinformationgathering stage. After phase 1, the next process involves mainly crawling and parsing, and identifying new vulnerabilities. Phase 2 is repeated until all the vulnerabilities of the applications are not discovered. A further step includes analysis of the vulnerabilities found to identify proper definitions according to the OWASP and getting proper remediation for the same. Further, this analysis is summarized, and the final report is generated as an end result. Input: Input is mainly provided by the user who is going to initiate the scanning. This input can be an IP address or the URL for the application which needs to be scanned by the VMS. Processing: This step mainly involves fuzzing, crawling the pages, and identifyingthe weakness,andlatervulnerabilities are identified based on the weaknesses identified. Output: Output will be generated after the proper analysis process is done. Fig -3: Flowchart for XSS
4.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 979 Many different scanning methodsareusedinVMSalgorithm, considering one following method is used for Cross Site Scripting: 1. For each URL in the list of the visited URLs a) Identify all parameters b) Push the parameters in the list. c) For each of the parameter in the list i) give input as a XSS test case or script to the parameter and pass the request. ii) verify the respective response 2. Report the Vulnerability 3.3 Tools These experiments or practical were performed by running different methods/tool with its respective scripts. These methods were installedand executedonVirtual machine and have the similar configurations and resources. 1. Nmap: For probing computer networks, Nmap offers several functions, including host discovery, service detection, and operating system detection. Scripts that offer more sophisticated service discovery, vulnerability detection, and other features can extend these features. During a scan, Nmap can adjust to changing network conditions, such as latency and congestion. 2. Dirbuster: DirBuster is an application with a GUI interfacedeveloped in Java. It is used to find concealed files and directories by brute-forcing files & directorieswiththeaimofgainingsome significant information that could help in cyber-attacks. A wordlist could influence how effective such a tool is; the more effective the wordlist, the more effective the instrument. 3. Xsser: Cross-Site "Scripter" (also known as XSSer) is an automatic framework for finding, using andreporting XSSflawsinweb- based applications. There are numerous ways to attempt to get around particular filters, as well as numerous unique code injection strategies. 4. Dnswalk: A DNS (Domain Name System) debugger is called Dnswalk. Dnswalk carries out zone transfers for specified domains and executes precise database integritychecksina variety of ways. 5. whois: A query and response protocol i.e., WHOIS, which is pronounced "who is," is frequently used for accessing databases that list the registered users or assignees of Internet resources like domain names, blocks of IP addresses, and autonomous systems. On most UNIX systems, the command-line utility used to do WHOIS protocol searches is called whois. Additionally, Referral Whois is a sibling protocol of WHOIS (RWhois). 6. Nikto: Nikto is a free command-line vulnerabilityscannerthatlooks for unsafe files/CGIs, out-of-date server software, and other issues on web servers. Checks are run on both generic and server-specific levels. Any cookies that are received are also recorded and printed. The data files used by Nikto to runthe program are not free software, but the Nikto code itself is. Nikto can identify more than 6700 potentially harmful files and CGIs, as well as version-specific issuesonmorethan270 servers and obsolete versions on more than 1250 servers. Nikto can also identify installed web servers and software and checks for server configuration elements. 7. Dnsmap: Dnsmap uses an internal or external wordlist to search a domain for common subdomains (if specified using -w option). There are about 1000 words in both English and Spanish on the internal wordlist, including ns1, firewall services, and smtp. Therefore, an automatic search for smtp.example.com within example.comwill beavailable.For additional processing, results can be saved in CSV and human-readable formats. Dnsmap should not be executed with root privileges for security reasons because it does not need them to function. 9. Uniscan: An open-source program called Uniscan can check web applications for serious flaws including cross-site scripting, blind SQL injection, remote file inclusion, web shell vulnerabilities, and hidden backdoors, among others. In addition to assessing vulnerabilities, Uniscan has the ability to search Google and Bing for domains using shared IP addresses. 3.4 Resources required for the VMS tool Operating System: Kali Linux or Ubuntu OS or System configured with Virtual Machine with same OS. The system and virtual machines specifications are as - processor, 2.6 GHZ Core i5, 2 GB RAM, 100 GB HDD and OS as above mentioned.
5.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 980 4. RESULTS AND DISCUSSION Fig -4: Screenshot for web app of VMS tool Fig -5: Screenshot of VMS URL input Fig -6: Screenshot of VMS tool output Vulnerability Management System generated better and faster results overall. It can automate the VA and PT process till particular instance. Also, it is able to identify the present vulnerabilities and specific remediation based on the vulnerability found and generate report with severity levels accordingly. The sole disadvantage is that, according to reports, it takes more time to scan than the majority of the web scanners utilized in this study. Although its performance is not perfect, compared to other tools, it has a larger capacity to detect more flaws. 5. CONCLUSION & RECOMMENDATIONS 5.1 Conclusion The proposed Vulnerability Management System based on the hybrid algorithm extensively work to identify vulnerabilities basedonsoftware-basedapplications.Testing of such applicationsisdoneforsafeguardingit.Thesuggested hybrid method presents additional vulnerabilities and does so in a professional manner when reporting those that have been found. However, because not all of the current vulnerabilities were completely scanned by the suggested hybrid approach. To make sure that "deep" crawling was carried out, thealgorithm'scrawlingcomponentneededtobe increased. The resultsalsoindicatethattheproposedmethod needs to be improved in order to complete the scanning quickly. To create an algorithm with the ability to identify more vulnerabilities, more study and research is required. 5.2 Recommendations i) Improve crawling capabilities: The proposed hybrid algorithm requires more methods and functions for crawling mechanisms so that VMS will be able to scan all the contents of any URL or a web application, without skipping any content of the webpage. ii) Improve Analysis and Reporting: VMS algorithms need to improve the accuracy so that the identified vulnerability can be stated with the severity level. To obtain high-end accuracy more sophisticated methods must be used during the scanning processwhichwill require more research and practical implementation of the algorithm. VMS system can be upgraded for analysis and reporting in such a way that the vulnerabilities can be visualized and can be shown in a representablemannerwith the severity levels. iii) Reducing scanning time: There need to be proper results which is generated in short time frame with better accuracy and reporting. It needs to improve overall scanning method using more scripts and identification of more vulnerabilities. REFERENCES [1] Mădălina Aldea, Daniel Gheorghică, Victor Croitoru, “Software Vulnerabilities Integrated Management System”, 2020 13th International Conference on Communications (COMM), IEEE, 2020: pp. 97 - 102, doi: 10.1109/COMM48946.2020.9141970 [2] Robert A. Martin, “IntegratingYourInformationSecurity Vulnerability Management Capabilities Through Industry Standards (CVE & OVAL)”, 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance, pp. 1528 – 1533), doi: 10.1109/ICSMC.2003.1244628 [3] GeonLyang Kim, JinTae Oh, DongI Seo, JeongNyeo Kim, “The Design of Vulnerability Management System”, IJCSNS International Journal of Computer Science and Network Security, VOL.13 No.4, April 2013: pp. 19 – 24 [4] Manoj Kumar, Arun Sharma, “An integrated framework for software vulnerability detection, analysis and mitigation: an autonomic system”, Indian Academy of Sciences Sadhana Vol. 42, No. 9, September 2017, pp. 1481–1493, doi: 10.1007/s12046-017-0696-7
6.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 09 | Sep 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 981 1’st Author Photo [5] Chee-Wooi Ten, Chen-Ching Liu, Govindarasu Manimaran, “Vulnerability AssessmentofCybersecurity for SCADA Systems”, IEEE Transactions on Power Systems, Vol. 23, no. 4, November 2008, pp. 1836-1846, doi: 10.1109/TPWRS.2008.2002298 [6] Jan-Min Chen, Chia-Lun Wu, “An automated vulnerability scanner for injection attack based on injection point”, 2010 International Computer Symposium (ICS2010), 16-18 Dec. 2010, pp. 113 – 118, doi: 10.1109/COMPSYM.2010.5685537 [7] Andrey Fedorchenko, Igor Kotenko, Andrey Chechulin, “Design of Integrated Vulnerabilities Database for Computer Networks Security Analysis”, 2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, 4-6 March 2015, pp. 559-566, doi: 10.1109/PDP.2015.38 [8] Armold; Hyla, Rowe, “Automatically Building an Information-Security Vulnerability Database”, 2006 IEEE Information Assurance Workshop”, 21-23 June 2006, pp. 376-377, doi: 10.1109/IAW.2006.1652119 [9] Ching-Huang Lin, Chih-Hao Chen, Chi-Sung Laih, “A Study and Implementation of Vulnerability Assessment and Misconfiguration Detection”,2008IEEEAsia-Pacific Services Computing Conference, 9-12 Dec. 2008, pp. 1252-1257, doi: 10.1109/APSCC.2008.212 [10] Yu, Y., Yang, Y., Gu, J., & Shen, L. (2011). Analysis and suggestions for the security of web applications. In Computer Science and Network Technology (ICCSNT), 2011 International Conference on, Vol. 1, pp. 236-240 [11] Pravin Kharat, Pramila Chawan, “Vulnerability Management System”, 2021 International Research Journal of Engineering and Technology (IRJET), 25-28 Nov 2021 BIOGRAPHIES Pravin P. Kharat M Tech. Dept. of Computer Engineering – NIMS, VJTI, Mumbai Prof. Pramila M. Chawan, is working as an Associate Professor in the Computer Engineering Department of VJTI, Mumbai. She has done her B.E. (Computer Engineering) and M.E. (Computer Engineering) from VJTI College of Engineering, Mumbai University. She has 28 years of teaching experienceandhasguided 85+ M. Tech. projects and 130+ B. Tech. projects. She has published 143 papers in the International Journals, 20 papers in the National/International Conferences/ Symposiums. She has worked as an Organizing Committee member for 25 International Conferences and 5 ICTE/MHRD sponsored Workshops/STTPs/FDPs. She has participated in 16 National/International Conferences. Worked as Consulting Editor on – JEECER, JETR, JETMS, Technology Today, JAM&AER Engg. Today, The Tech. World Editor – Journals of ADR Reviewer -IJEF, Inters cience She has worked as NBA Coordinator of the Computer Engineering Department of VJTI for 5 years. She had written a proposal under TEQIP-I in June2004 for ‘Creating Central Computing Facility at VJTI’. Rs. Eight Crore were sanctioned by the World Bank under TEQIP-I on this proposal. Central Computing Facility was set up at VJTI through this fund which has playeda key role in improving the teaching learning process at VJTI. warded by SIESRP with Innovative & Dedicated Educationalist Award Specialization: Computer Engineering & I.T. in 2020 AD Scientific Index Ranking (World Scientist and University Ranking 2022) – 2nd Rank- Best Scientist, VJTI Computer Science domain 1138th Rank- Best Scientist, Computer Science, India.
Download now