The Cyber Threats Analysis for Web Applications Security in Industry 4.0
The article shows the trends in the occurrence of cybersecurity threats to web applications and gives security recommendations for organizations of Industry 4.0, based on a study of reports published by web security experts at the Open Web Application Security Project (OWASP), NIST (National Institute of Standards and Technology), and MITRE (The MITRE Corporation). The article presents the diversity and variability of security threats to web applications. The area of research covers the threat categories established in cybersecurity reports, as well as recently published data collected by OWASP, NIST, and MITRE from monitoring how cyber-threats have changed over the past twenty years. The research goal of the article is to analyse the frequency of security threats to web applications based on OWASP data published in the years 2003–2017, and to answer three main research questions on the dynamics of variability of specific security threats to web application security in Industry 4.0. The article presents the role and tasks of the OWASP Foundation as a key example of an organization dealing with the security of web applications, together with other selected organizations of this type operating worldwide, i.e. NIST and MITRE. The frequency of occurrence of web application threats in the years 2003–2017 was compared according to data published in OWASP reports. Threats that occurred only once in the analysed period were distinguished from those that recur in different periods; the latest threats identified by OWASP in 2017 were determined; and recommendations for organizations of Industry 4.0 were described. To answer the research questions, an in-depth literature analysis based on books, legal acts, and reports published on the Internet was carried out, together with an analysis of source data from OWASP, NIST, and MITRE reports.
The results were interpreted on the basis of an analysis of vulnerability reports, and recommendations for security management in the next wave of Industry 4.0 development were proposed.
Keywords: Cybersecurity, OWASP, Vulnerability, Web application, Industry 4.0