Untangling the Web: Finding Your Forgotten Assets
2018 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis
Abstract [en]
Background. Between 2016 and 2017, the number of attacks against web applications increased by approximately 21.89 percent. The total recorded number of incidents during 2017 was 6,502. To assure security, patching and scanning are required. This assumes that the company is aware of all its external-facing web applications. The company Outpost24 is observing increased demand for a solution capable of finding all external web applications owned by one company.
Objectives. This thesis studies six methods to identify assets owned by one company. The methods are classified into weak and strong indicators. Based on the classifications, two algorithms are developed. The algorithms are executed against two companies, Outpost24 and Company A. The objective is to evaluate the six methods and decide whether they are suitable for retrieving assets owned by one company.
Methods. This study includes two experiments testing the two algorithms on two different companies. The experiments focus on retrieving assets and the data used to decide on the ownership of those assets. The data observed in the experiments are compared against data known by the two companies to verify whether any data was unknown to the company prior to the experiment.
Results. The results show that the identified methods are suitable both for identifying assets and for deciding on ownership. Furthermore, it was possible to identify assets that were not previously known. The results from the two methods are visualized as two node maps, providing an overview of the identified assets.
Conclusions. It was concluded that some methods are useful for extracting assets from one given asset, and others are useful for extracting the data used when deciding on the owner. The methods will assist companies in raising their awareness of their external-facing assets, and in some cases in identifying assets that were previously unknown to them.
Place, publisher, year, edition, pages
2018, p. 54
Keywords [en]
forgotten assets, web application, asset retrieval, security
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-16579
OAI: oai:DiVA.org:bth-16579
DiVA, id: diva2:1228709
External cooperation
Outpost24
Subject / course
DV1478 Bachelor Thesis in Computer Science
Educational program
DVGIS Security Engineering
Supervisors
Examiners
2018-07-03, 2018-06-28, 2018-07-03. Bibliographically approved