An automatic web server auditing tool based on CIS benchmark
Issued Date
2022
Copyright Date
2022
Resource Type
Language
eng
File Type
application/pdf
No. of Pages/File Size
xvii, 743 leaves : ill.
Access Rights
open access
Rights
This work is copyrighted by Mahidol University. It is reserved for educational purposes only. The source must be cited. Modifying the content is prohibited, and commercial use is prohibited.
Rights Holder(s)
Mahidol University
Bibliographic Citation
Thematic Paper (M.Sc. (Cyber Security and Information Assurance))--Mahidol University, 2022
Suggested Citation
Wasutum Kethom. An automatic web server auditing tool based on CIS benchmark. Thematic Paper (M.Sc. (Cyber Security and Information Assurance))--Mahidol University, 2022. Retrieved from: https://repository.li.mahidol.ac.th/handle/123456789/113932
Title
An automatic web server auditing tool based on CIS benchmark
Author(s)
Abstract
Web applications are used for many purposes nowadays, especially for business purposes. When web applications deal with sensitive information such as financial or personal data, the security of the web application should play a greater role. Apart from the security of the web application itself, the security of the web server is also important and should not be ignored. To ensure the security of the web server, auditing plays an important role. CIS benchmark is the organization that provides the checklists with the guidelines for auditing. Because the checklists are long, with multiple steps to be checked in each recommendation, human errors may occur during the audit process, which may require a longer time to finish the audit. In this study, we propose an automatic web server auditing tool that takes the burden of auditing the web server off the auditor instead of manually following the guidelines of the CIS benchmark. This tool determines whether the web servers meet all the recommendations of the CIS benchmark. Also, this tool generates two types of reports for the auditor, a summary report and a detailed report, so that the auditor can get more information about the audit result. In addition, remediations based on the CIS benchmark are provided in the detailed report. We have also conducted experiments to prove that our tool can be used to properly perform the audit on the web server. The tool was tested in three different environments, namely the system with default configuration, the hardened configuration, and the downloaded configuration. Each environment is tested in two ways, manually and with the tool. The test results show that our tool can perform the test correctly.
Implication of the thematic paper: In this study, we propose an automatic web server auditing tool that takes the burden of auditing the web server off the auditor instead of manually following the guidelines of the CIS benchmark. This tool determines whether the web servers meet all the recommendations of the CIS benchmark. Also, this tool generates two types of reports for the auditor, a summary report and a detailed report, so that the auditor can get more information about the audit result. In addition, remediations based on the CIS benchmark are provided in the detailed report.
Degree Name
Master of Science
Degree Level
Master's degree
Degree Department
Faculty of Information and Communication Technology
Degree Discipline
Cyber Security and Information Assurance
Degree Grantor(s)
Mahidol University
