Identification and assessment of security attacks and vulnerabilities, utilizing CVE, CWE and CAPEC
Identification and assessment of security attacks and weaknesses using the CVE, CWE and CAPEC standards
Keywords: MITRE; Threat modeling; Vulnerability assessment; Search engines; Data parsing; Network scanning; Penetration testing
The identification and assessment of security vulnerabilities, as well as their linkage with potential security threats and attacks, is a challenging task. Although the identification and assessment of software vulnerabilities used to depend only on the vendor side, the continuously increasing complexity and interconnectivity of ICT systems have created the need for a unified classification and scoring of security vulnerabilities. The initiative on the matter was taken by the MITRE Corporation as early as 1999 with the Common Vulnerabilities and Exposures (CVE) list, which was later extended by the Common Weakness Enumeration (CWE) and the Common Attack Pattern Enumeration and Classification (CAPEC). Furthermore, NIST’s NVD is currently synchronized with the CVE list. Along with the entry list, NIST uses the Common Vulnerability Scoring System (CVSS), which provides a consistent way of calculating the severity of vulnerabilities based on certain key characteristics, thus enriching the existing entries. This information is constantly used and updated in order to remain relevant to current issues. Although there are existing links between CVEs and CWEs in NIST’s NVD database, there are no existing connections between CVEs and CAPEC. The main goal of this thesis is to develop a search engine that links specific security vulnerabilities (i.e. CVEs) with related attack patterns (i.e. CAPEC), using the abstract weakness enumerations (CWE) as the connecting link. Such a search engine will help security experts and system administrators to further understand threats that could compromise their IT assets and to effectively mitigate the specific vulnerabilities that may trigger high-risk threats. Furthermore, an attempt is made to classify and present the CVEs identified by a port scanning tool called Nmap, based on their CVSS scores in the aforementioned lists.
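The CVE to CWE to CAPEC join described in the abstract can be sketched as follows; this is an added example, not code from the thesis. The CAPEC excerpt is a constructed, simplified fragment (the real catalogue uses an XML namespace), the CVE records use placeholder IDs, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed, simplified CAPEC catalogue excerpt (real files carry an XML namespace).
CAPEC_XML = """<Attack_Pattern_Catalog><Attack_Patterns>
  <Attack_Pattern ID="63" Name="Cross-Site Scripting (XSS)"><Related_Weaknesses>
    <Related_Weakness CWE_ID="79"/></Related_Weaknesses></Attack_Pattern>
  <Attack_Pattern ID="66" Name="SQL Injection"><Related_Weaknesses>
    <Related_Weakness CWE_ID="89"/></Related_Weaknesses></Attack_Pattern>
  <Attack_Pattern ID="7" Name="Blind SQL Injection"><Related_Weaknesses>
    <Related_Weakness CWE_ID="89"/></Related_Weaknesses></Attack_Pattern>
</Attack_Patterns></Attack_Pattern_Catalog>"""

# Constructed CVE records with placeholder IDs, shaped like flattened NVD entries.
CVES = [
    {"id": "CVE-0000-0001", "cwes": ["CWE-89"], "cvss": 9.8},
    {"id": "CVE-0000-0002", "cwes": ["CWE-79"], "cvss": 6.1},
    {"id": "CVE-0000-0003", "cwes": ["NVD-CWE-noinfo"], "cvss": 7.5},
]

def cwe_to_capec(xml_text):
    """Invert CAPEC's Related_Weaknesses into a CWE id -> [(CAPEC id, name)] index."""
    index = defaultdict(list)
    for ap in ET.fromstring(xml_text).iter("Attack_Pattern"):
        for rw in ap.iter("Related_Weakness"):
            index[int(rw.get("CWE_ID"))].append((int(ap.get("ID")), ap.get("Name")))
    return index

def severity(score):
    """Map a CVSS v3.x base score to its qualitative severity rating."""
    for limit, label in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= limit:
            return label
    return "Critical"

def link(cves, index):
    """Join CVE -> CWE -> CAPEC, highest CVSS score first."""
    rows = []
    for cve in sorted(cves, key=lambda c: c["cvss"], reverse=True):
        patterns = set()
        for cwe in cve["cwes"]:
            if cwe.startswith("CWE-") and cwe[4:].isdigit():  # skip NVD-CWE-noinfo/Other
                patterns.update(index.get(int(cwe[4:]), []))
        rows.append((cve["id"], severity(cve["cvss"]), sorted(patterns)))
    return rows

if __name__ == "__main__":
    for row in link(CVES, cwe_to_capec(CAPEC_XML)):
        print(row)
```

A CVE whose only weakness is an NVD placeholder such as `NVD-CWE-noinfo` yields an empty pattern list, so it still appears in the ranking but has no CAPEC link.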