Volume 12, Number 4

Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilities of Web Applications


Mohammad Shojaeshafiei, Letha Etzkorn and Michael Anderson, The University of Alabama in Huntsville, USA


Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.


vulnerability, web applications, analytic hierarchy process, fuzzy logic, goal question metrics, cybersecurity