Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Untangling the Web: Finding Your Forgotten Assets
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2018 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

Background. In the years between 2016 and 2017, the number of attacks against web application increased by approximately 21.89 percent. The total recorded amount of incidents during 2017 was 6,502. To assure security, patching and scanning are required. This assumes that the company is aware of all their external facing web applications. The company Outpost24 is observing an increased request for a solution capable of finding all external web application owned by one company.

Objectives. This thesis study six methods to identify assets owned by one company. The methods are classified into weak and strong indicators. Based on the classifications, two algorithms are developed. The algorithms are executed against two companies, Outpost24 and Company A. The objective is to evaluate the six methods and decide if the methods are suitable for retrieving assets owned by one company.

Methods. This study includes two experiments testing the two algorithms on two different companies. The experiments focus on to retrieve assets and data to make a decision upon the ownership of the assets. The observed data from the experiments are compared against data known by the two companies to verify if any data is unknown to the company prior to the experiment.

Results. The results show that the identified methods are suitable for both identify assets and to decide upon ownership. Furthermore, assets not previously known was possible to identify. The results from the two methods are visualized as two node maps, providing an overview of identified assets. 

Conclusions. It was concluded that there are methods that are useful when extracting assets from one given assets, and there are methods useful for extracting data used when deciding upon the owner. The methods will assist companies in raising their own awareness of their external facing assets, and in some cases identify assets which were previously unknown to them.

Place, publisher, year, edition, pages
2018. , p. 54
Keywords [en]
forgotten assets, web application, asset retrieval, security
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-16579OAI: oai:DiVA.org:bth-16579DiVA, id: diva2:1228709
External cooperation
Outpost24
Subject / course
DV1478 Bachelor Thesis in Computer Science
Educational program
DVGIS Security Engineering
Supervisors
Examiners
Available from: 2018-07-03 Created: 2018-06-28 Last updated: 2018-07-03Bibliographically approved

Open Access in DiVA

fulltext(3627 kB)514 downloads
File information
File name FULLTEXT02.pdfFile size 3627 kBChecksum SHA-512
33e11579c2f21d59fe9ba436eb83a113e25da236286481ae4262f8060a0ba2aee36d06a2d94e2293c33a9f0c785e7f6c5baeb0557d03fa0d41084454fbb8c130
Type fulltextMimetype application/pdf

By organisation
Department of Computer Science and Engineering
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 515 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 361 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf