
The Cyber Threats Analysis for Web Applications Security in Industry 4.0

  • Anna Sołtysik-Piorunkiewicz
  • Monika Krysiak
Chapter
Part of the Studies in Computational Intelligence book series (SCI, volume 887)

Abstract

The article shows trends in the occurrence of cybersecurity threats to web applications and gives security recommendations for organizations of Industry 4.0, based on a study of reports published by web security experts at the Open Web Application Security Project (OWASP), the National Institute of Standards and Technology (NIST), and The MITRE Corporation (MITRE). The article presents the diversity and variability of security threats to web applications. The area of research covers the threat categories established in cybersecurity reports, as well as recently published data collected by OWASP, NIST, and MITRE from the monitoring of cyber-threats and their changes over the past twenty years. The research goal of the article is to analyse the frequency of security threats to web applications based on OWASP data published in the years 2003–2017, and to answer three main research questions on the dynamics of variability of specific security threats to web application security in Industry 4.0. The article presents the role and tasks of the OWASP Foundation as a key example of an organization dealing with the security of web applications, together with other selected organizations of this type operating worldwide, i.e. NIST and MITRE. The frequency of occurrence of web application threats in the years 2003–2017 was compared according to the data published in OWASP reports. The threats to web application security that occurred only once in the analysed period and those that recur across different time periods were identified, as were the latest threats that emerged in the 2017 OWASP report, and recommendations for organizations of Industry 4.0 were described. To answer the research questions, an in-depth literature analysis based on book sources as well as legal acts and reports published on the Internet was used, and an analysis of source data from OWASP, NIST, and MITRE reports was carried out. The results were interpreted on the basis of the vulnerability report analysis, and recommendations for security management in the next wave of Industry 4.0 development were proposed.

Keywords

Cybersecurity, OWASP, Vulnerability, Web application, Industry 4.0


Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Department of Computer Science, University of Economics in Katowice, Katowice, Poland
  2. Department of Operational Research, University of Economics in Katowice, Katowice, Poland
