This study investigates the vulnerabilities of the two leading HTTP servers, Apache and IIS, highlighting the discovery rates and patterns of various vulnerabilities, such as Denial of Service attacks. It reviews two key models—time-based and effort-based—that contribute to the understanding of vulnerability discovery. The findings indicate that while Apache vulnerabilities continue to rise with increasing installations, IIS vulnerabilities have plateaued, suggesting a saturation point. This research contributes to better vulnerability management strategies for these critical web servers.
Assessing Vulnerabilities in Apache and IIS HTTP Servers
Sung-Whan Woo, Omar H. Alhazmi, Yashwant K. Malaiya
Sri Reddy IWS2 Bits1
Intro
• Both of the 2 most popular HTTP servers on the market, Apache & IIS, have major vulnerabilities
• This study probes the discovery rate of vulnerabilities
• Past studies highlighted specific problems like Denial of Service
Models
• Vulnerabilities Discovery Models
  • Time-based
  • Effort-based (number of installations)
• MODELING VULNERABILITIES IN HTTP SERVERS
  • Apache
  • IIS
Vulnerabilities Discovery Models
• 2 models
  • time-based & effort-based
• number of bugs reported might saturate after a certain amount of time (has for IIS)
• Effort-based is based on the number of installations (and the effort to find server bugs)
MODELING VULNERABILITIES IN HTTP SERVERS (time-based)
• Apache
• IIS
Conclusions
• Apache vulnerabilities growth rate appears to be positive due to growth in # of installations of Apache web server
• IIS vulnerabilities growth rate appears to have become low due to little growth in # of IIS installations (saturation of IIS)
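
The two views described in the slides can be compared on the same data. The following is an added example, not code or data from the study: a model-free check that computes discovery rates per time window and per unit of effort, then flags a plateau. The server series, the installed-base figures, the effort proxy (installed base summed per window) and the 25% plateau threshold are all assumptions constructed for illustration.

```python
# Added example. All figures are constructed for illustration, not study data.
# Quarterly cumulative vulnerability counts (17 points = 4 years).
SERVER_A = [0, 2, 4, 6, 8, 11, 14, 17, 20, 24, 28, 32, 36, 41, 46, 51, 56]
SERVER_B = [0, 5, 10, 15, 20, 28, 36, 43, 50, 54, 58, 60, 62, 63, 64, 65, 65]
# Installed base per quarter, in millions (hypothetical): A grows, B is flat.
INSTALLS_A = [2] * 4 + [3] * 4 + [4] * 4 + [5] * 4
INSTALLS_B = [4] * 16


def time_based_rates(cum_vulns, window=4):
    """Time-based view: new vulnerabilities found in each window of quarters."""
    marks = cum_vulns[::window]
    return [later - earlier for earlier, later in zip(marks, marks[1:])]


def effort_per_window(installs, window=4):
    """Effort proxy (assumption): installed base summed over each window."""
    return [sum(installs[i:i + window])
            for i in range(0, len(installs) - window + 1, window)]


def effort_based_rates(cum_vulns, installs, window=4):
    """Effort-based view: new vulnerabilities per unit of effort in each window."""
    found = time_based_rates(cum_vulns, window)
    effort = effort_per_window(installs, window)
    return [v / e if e else 0.0 for v, e in zip(found, effort)]


def is_saturated(rates, threshold=0.25):
    """Plateau heuristic (assumption): latest rate is <= threshold * peak rate."""
    peak = max(rates)
    return peak > 0 and rates[-1] <= threshold * peak


def assess(cum_vulns, installs):
    """Summarise both views for one server."""
    by_time = time_based_rates(cum_vulns)
    by_effort = effort_based_rates(cum_vulns, installs)
    return {"per_year": by_time, "per_effort": by_effort,
            "saturated": is_saturated(by_time)}


if __name__ == "__main__":
    for name, vulns, installs in (("A", SERVER_A, INSTALLS_A),
                                  ("B", SERVER_B, INSTALLS_B)):
        print(name, assess(vulns, installs))
```

In this constructed data, server A's yearly count keeps rising while its yield per unit of effort stays flat, so the growth tracks the installed base; server B falls off in both views, which is the plateau pattern.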