Abstract
This chapter traces how the cybersecurity threats reported for web applications have changed over time and derives security recommendations for organizations of Industry 4.0, based on a study of reports published by web security experts at the Open Web Application Security Project (OWASP), the National Institute of Standards and Technology (NIST), and The MITRE Corporation (MITRE). It presents the diversity and variability of web application security threats. The scope of the research covers the threat categories established in cybersecurity reports, together with recently published data that OWASP, NIST and MITRE have collected by monitoring cyber-threats over the past two decades. The research goal is to analyse the frequency of web application security threats on the basis of OWASP data published in the years 2003–2017, and to answer three main research questions on the dynamics with which specific threats to web application security vary in Industry 4.0. The chapter describes the role and tasks of the OWASP Foundation as a key example of an organization dealing with web application security, and of other selected organizations of this type operating worldwide, i.e. NIST and MITRE. The frequency with which web application threats occurred in the years 2003–2017 was compared using the data published in OWASP reports. The unique threat that occurred only once in the analysed period, and the threats that recur across different periods, were identified, as were the newest threats that OWASP introduced in 2017, and recommendations for organizations of Industry 4.0 were formulated. To answer the research questions, an in-depth literature analysis based on books, legal acts and reports published on the Internet was combined with an analysis of source data from OWASP, NIST and MITRE reports.
The results were interpreted on the basis of the vulnerability report analysis, and recommendations for security management in the next wave of Industry 4.0 development were proposed.
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Sołtysik-Piorunkiewicz, A., Krysiak, M. (2020). The Cyber Threats Analysis for Web Applications Security in Industry 4.0. In: Hernes, M., Rot, A., Jelonek, D. (eds) Towards Industry 4.0 — Current Challenges in Information Systems. Studies in Computational Intelligence, vol 887. Springer, Cham. https://doi.org/10.1007/978-3-030-40417-8_8
DOI: https://doi.org/10.1007/978-3-030-40417-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-40416-1
Online ISBN: 978-3-030-40417-8
eBook Packages: Intelligent Technologies and Robotics (R0)