
Our (in)Secure Web: Understanding Update Behavior of Websites and Its Impact on Security

Demir, Nurullah; Urban, Tobias; Wittek, Kevin; Pohlmann, Norbert

Abstract:

Software updates take an essential role in keeping IT environments secure. If service providers delay or do not install updates, it can cause unwanted security implications for their environments. This paper conducts a large-scale measurement study of the update behavior of websites and their utilized software stacks. Across 18 months, we analyze over 5.6M websites and 246 distinct client- and server-side software distributions. We found that almost all analyzed sites use outdated software.
To understand the possible security implications of outdated software, we analyze the potential vulnerabilities that affect the utilized software. We show that software components are getting older and more vulnerable because they are not updated. We find that 95 % of the analyzed websites use at least one product for which a vulnerability existed.


Postprint
DOI: 10.5445/IR/1000142475
Published on 31.03.2022
Original publication
DOI: 10.1007/978-3-030-72582-2_5
Scopus citations: 4
Dimensions citations: 5
Affiliated institution(s) at KIT: Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Publication type: Proceedings contribution
Publication year: 2021
Language: English
Identifier: ISBN: 978-3-030-72581-5
ISSN: 0302-9743, 1611-3349
KITopen-ID: 1000142475
Published in: Passive and active measurement : 22nd international conference, PAM 2021, virtual event, March 29 - April 1, 2021 : proceedings. Ed.: O. Hohlfeld
Event: 22nd Passive and Active Measurement Conference (PAM 2021), Online, 29.03.2021 – 01.04.2021
Publisher: Springer International Publishing
Pages: 76–92
Series: Lecture notes in computer science ; 12671
Publication note: Computer Communication Networks and Telecommunications
Published online in advance on 30.03.2021
Indexed in: Dimensions, Scopus