CASA: a comprehensive automatic web servers audit
Issued Date
2026-01-01
ISSN
17441765
eISSN
17441773
Scopus ID
2-s2.0-105025718489
Journal Title
International Journal of Information and Computer Security
Volume
29
Issue
1
Start Page
87
End Page
111
Rights Holder(s)
SCOPUS
Bibliographic Citation
International Journal of Information and Computer Security Vol.29 No.1 (2026), 87-111
Suggested Citation
Khurat A., Gunatilaka D., Kethom W. CASA: a comprehensive automatic web servers audit. International Journal of Information and Computer Security Vol.29 No.1 (2026), 87-111. doi:10.1504/IJICS.2026.150538 Retrieved from: https://repository.li.mahidol.ac.th/handle/123456789/114714
Abstract
Web servers play a crucial role in web technology. Insufficient protection can lead to serious risks, such as sensitive data exposure. To reduce the risk of successful attacks, regular web server configuration audits are conducted. However, manual auditing is often tedious and error-prone, as it requires running commands to check configurations. To enhance this process, we introduce CASA, an automated audit tool designed for four widely used web servers: Nginx, Apache HTTP, Apache Tomcat, and Microsoft IIS. CASA evaluates configurations against industry-standard CIS benchmarks, identifies non-compliant settings, and generates HTML audit reports. Our analysis shows that CASA significantly enhances automation in security auditing. We validate its effectiveness by comparing results with manual audits and analysing default and publicly available configurations from GitHub. The findings indicate low compliance with security benchmarks, with less than half of configurations meeting recommended standards, exposing critical risks in unmodified deployments.
