Exploitation of web applications can be modeled as an attack tree. This research explores the relationship between the attack tree and exploitation characteristics, based on time and cost metrics. The study conducts exploitation experiments on the DVWA platform. The exploitation stages are used to construct the attack tree, which is then organized under two conditions: with a Web Application Firewall (WAF) and without a WAF. The attack tree is composed of five types of exploitation, namely SQL Injection, XSS (Reflected), Command Injection, CSRF, and Brute Force. The analysis results without WAF indicate that the XSS (Reflected) attack tree occupies the top position with a score of 53.69, while the SQL Injection attack tree ranks last with a score of 682.49. With WAF, the XSS (Reflected) attack tree remains at the top with a score of 61.11, and the SQL Injection attack tree still occupies the last position, but with a lower score of 207.22. Consequently, this relationship can be used to categorize attack trees based on time and cost metrics. Future research may involve measuring subsystem processes of the system.
                        
                        
                        
                        
                            
Copyright © 2023