Our (in)Secure Web: Understanding Update Behavior of Websites and Its Impact on Security
Demir, Nurullah
; Urban, Tobias; Wittek, Kevin; Pohlmann, Norbert
; Urban, Tobias; Wittek, Kevin; Pohlmann, NorbertAbstract:
Software updates take an essential role in keeping IT environments secure. If service providers delay or do not install updates, it can cause unwanted security implications for their environments. This paper conducts a large-scale measurement study of the update behavior of websites and their utilized software stacks. Across 18 months, we analyze over 5.6M websites and 246 distinct client- and server-side software distributions. We found that almost all analyzed sites use outdated software.
To understand the possible security implications of outdated software, we analyze the potential vulnerabilities that affect the utilized software. We show that software components are getting older and more vulnerable
because they are not updated. We find that 95 % of the analyzed websites
use at least one product for which a vulnerability existed.
To understand the possible security implications of outdated software, we analyze the potential vulnerabilities that affect the utilized software. We show that software components are getting older and more vulnerable
because they are not updated. We find that 95 % of the analyzed websites
use at least one product for which a vulnerability existed.
| Zugehörige Institution(en) am KIT | Institut für Informationssicherheit und Verlässlichkeit (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsjahr | 2021 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-3-030-72581-5 ISSN: 0302-9743, 1611-3349 KITopen-ID: 1000142475 |
| Erschienen in | Passive and active measurement : 22nd international conference, PAM 2021, virtual event, March 29 - April 1, 2021 : proceedings . Ed.: O. Hohlfeld |
| Veranstaltung | 22nd Passive and Active Measurement Conference (PAM 2021), Online, 29.03.2021 – 01.04.2021 |
| Verlag | Springer International Publishing |
| Seiten | 76–92 |
| Serie | Lecture notes in computer science ; 12671 |
| Bemerkung zur Veröffentlichung | Computer Communication Networks and Telecommunications |
| Vorab online veröffentlicht am | 30.03.2021 |
| Nachgewiesen in | Scopus Dimensions |
| Relationen in KITopen |