Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities: Difference between revisions



== 2. Background ==
According to the ISO, a vulnerability is “...an instance of a [fault] in the specification, development, or configuration of software such that its execution can violate an [implicit or explicit] security policy”<sup>[4]</sup>. Since no single validation or verification practice can detect every vulnerability in a system<sup>[7]</sup>, we have to assume that any file may have latent, undiscovered vulnerabilities. We call files that have been changed due to a vulnerability report ''vulnerable'', and files that have not been changed due to any vulnerability report ''neutral''.
A predictive model for classifying components as either vulnerable or neutral will make either correct or incorrect classifications. For a given test of the model, there are true positives, where the model correctly classifies a component as vulnerable, and true negatives, where the model correctly classifies a component as neutral. When the model is wrong, there are false positives, where the model classifies a component as vulnerable although it was neutral, and false negatives, where the model fails to identify a vulnerable component. The performance of a model that classifies components into one of two classes has often been evaluated using two measurements: precision and recall<sup>[10]</sup>.
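The precision/recall evaluation just described, as an added example (not code from the paper or from this wiki page): a toy file-level model that counts SQL hotspots per file, ranks files for review, predicts "vulnerable" at or above a hotspot threshold, and scores those predictions against constructed ground-truth labels. The hotspot definition (a source line containing a SQL keyword), the file names, their contents and the labels are all assumptions.

```python
import re
# Assumption: a "SQL hotspot" is a source line containing a SQL statement
# keyword; the page does not define the paper's heuristic, this stands in for it.
SQL_KEYWORDS = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)

# Constructed sample: file -> (source text, vulnerable?). "Vulnerable" means the
# file was once changed because of a vulnerability report; otherwise neutral.
SAMPLE = {
    "login.php":   ("$s = $db->prepare('SELECT id FROM users WHERE name = ?');\n"
                    "$db->query('UPDATE users SET seen = NOW() WHERE id = ?');", True),
    "search.php":  ("$rows = $db->query('SELECT * FROM items WHERE title LIKE ?');", True),
    "report.php":  ("$db->query('INSERT INTO log VALUES (?)');\n"
                    "$db->query('DELETE FROM log WHERE ts < ?');\n"
                    "$db->query('SELECT count(*) FROM log');", False),
    "profile.php": ("$db->query('SELECT bio FROM users WHERE id = ?');", False),
    "util.php":    ("function esc($s) { return htmlspecialchars($s); }", False),
}

def count_sql_hotspots(source):
    """Number of source lines containing a SQL statement keyword."""
    return sum(1 for line in source.splitlines() if SQL_KEYWORDS.search(line))

def prioritize(hotspots):
    """Review order: files with the most SQL hotspots first, then by name."""
    return sorted(hotspots, key=lambda f: (-hotspots[f], f))

def confusion(pred, truth):
    """(TP, TN, FP, FN) of file-level predictions against ground-truth labels."""
    tp = sum(pred[f] and truth[f] for f in truth)
    tn = sum(not pred[f] and not truth[f] for f in truth)
    fp = sum(pred[f] and not truth[f] for f in truth)
    fn = sum(not pred[f] and truth[f] for f in truth)
    return tp, tn, fp, fn

def precision_recall(tp, fp, fn):
    """Precision = TP/(TP+FP), recall = TP/(TP+FN); 0.0 when undefined."""
    return (tp / (tp + fp) if tp + fp else 0.0,
            tp / (tp + fn) if tp + fn else 0.0)

def evaluate(sample, threshold):
    """Predict 'vulnerable' for files with >= threshold hotspots; return (precision, recall)."""
    hotspots = {f: count_sql_hotspots(src) for f, (src, _) in sample.items()}
    pred = {f: n >= threshold for f, n in hotspots.items()}
    truth = {f: vuln for f, (_, vuln) in sample.items()}
    tp, _, fp, fn = confusion(pred, truth)
    return precision_recall(tp, fp, fn)

if __name__ == "__main__":
    print("review order:", prioritize({f: count_sql_hotspots(s) for f, (s, _) in SAMPLE.items()}))
    print({t: evaluate(SAMPLE, t) for t in (1, 2, 3)})
```

Raising the threshold trades recall for precision: at threshold 1 every vulnerable file is caught but half the flagged files are neutral, and at threshold 3 nothing vulnerable is flagged at all.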


== 3. Related Work ==