
The Cyber Threats Analysis for Web Applications Security in Industry 4.0

Chapter in: Towards Industry 4.0 — Current Challenges in Information Systems

Part of the book series: Studies in Computational Intelligence (SCI, volume 887)

Abstract

This article presents trends in the occurrence of cybersecurity threats to web applications, together with security recommendations for Industry 4.0 organizations, based on a study of reports published by web security experts at the Open Web Application Security Project (OWASP), NIST (National Institute of Standards and Technology), and MITRE (The MITRE Corporation). It shows the diversity and variability of security threats to web applications. The research covers the threat categories established in cybersecurity reports, as well as recently published data collected by OWASP, NIST, and MITRE from monitoring how cyber-threats have changed over the past twenty years. The research goal is to analyse the frequency of security threats to web applications based on OWASP data published in the years 2003–2017, and to answer three main research questions on the dynamics of variability of specific security threats for web application security in Industry 4.0. The article describes the role and tasks of the OWASP foundation as a key example of an organization dealing with web application security, along with other selected organizations of this type operating worldwide, i.e. NIST and MITRE. The frequency of occurrence of web application threats in the years 2003–2017 was compared according to data published in OWASP reports. The unique threat to web application security that occurred only once in the analysed period and those that recur in different time periods were determined, as well as the latest threats that emerged in 2017 according to OWASP, and recommendations for Industry 4.0 organizations were described. To answer the research questions, an in-depth literature analysis based on book sources, legal acts, and reports published on the Internet was used, and source data from OWASP, NIST, and MITRE reports was analysed. The results were interpreted based on an analysis of vulnerability reports, and recommendations for security management in the next wave of Industry 4.0 development were proposed.




Corresponding author

Correspondence to Anna Sołtysik-Piorunkiewicz.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this chapter

Sołtysik-Piorunkiewicz, A., Krysiak, M. (2020). The Cyber Threats Analysis for Web Applications Security in Industry 4.0. In: Hernes, M., Rot, A., Jelonek, D. (eds) Towards Industry 4.0 — Current Challenges in Information Systems. Studies in Computational Intelligence, vol 887. Springer, Cham. https://doi.org/10.1007/978-3-030-40417-8_8
