Automation of Quantifying Security Risk Level on Injection Attacks Based on Common Vulnerability Scoring System Metric

Abstract

An injection attack is a cyber-attack that is one of The Open Web Application Security Project Top 10 Vulnerabilities. These attacks take advantage of insufficient user input validation into the system through the input surface of a Web application as that user in the browser. The company’s cyber security team must filter thousands of attacks to prioritize which attacks are considered the most dangerous to be mitigated first. This activity of filtering thousands of attacks takes much time because you have to check these attacks one by one. Therefore, a method is needed to assess how dangerous a cyber-attack is that enters an organization’s or company’s server. Injection attack detection can be done by analyzing the request data in the web server log. Our research attempts to perform quantification modeling of the variations of two types of injection attacks, SQL Injection (SQLi) and Cross-Site Scripting (XSS), using Common Vulnerability Scoring System Metrics (CVSS). CVSS metrics are generally used to calculate the level of dangerous weakness in the system. This metric is never used to calculate the level of how dangerous an attack is. The modeling that we have made shows that SQLi and XSS attacks have many variations in levels ranging from low to high levels. We discovered that when classified with Common Weakness Enumeration Database, SQLi and XSS attacks CVE values would have high-level congruence with almost 94% value between one another vector on CVSS.