Submitted by: Aidmar Wainakh, Dr. Ahmad Wabbi, Dr. Bassel Alkhatib

International Review on Computers and Software (I.RE.CO.S.), Vol. 9, n. 10

Misconfiguration is one of the most critical Web vulnerabilities, yet it does not receive enough attention. Applying general security practices and general remediation has proved inefficient in dealing with this type of vulnerability. In this research, we discuss and highlight several issues in order to enhance misconfiguration detection, quantification and fixing. Our approach detects misconfiguration based on an extended set of security-related configurations, then quantifies the vulnerabilities according to the environment characteristics, using the most recent scoring standard in this field, and recommends customized secure remediation. We implemented our approach in a tool called MVS, and we were able to evaluate seven Apache-MySQL-PHP packages, ten open source Web applications and seven online websites. Our experiments revealed that the tool is able to detect misconfigurations at both the environment level and the application level, then recommend customized and secure remediation.