Security evaluation of Saudi Arabia's websites using open source tools

2015 First International Conference on Anti-Cybercrime (ICACC) Pub Date : 2015-12-10 DOI:10.1109/ANTI-CYBERCRIME.2015.7351928

Mohammed S. Al-Sanea, Ahmad A. Al-Daraiseh

{"title":"Security evaluation of Saudi Arabia's websites using open source tools","authors":"Mohammed S. Al-Sanea, Ahmad A. Al-Daraiseh","doi":"10.1109/ANTI-CYBERCRIME.2015.7351928","DOIUrl":null,"url":null,"abstract":"Using e-services in Saudi Arabia is growing. Using such services offers a wide range of benefits and makes people's life easier. However, the development and the deployment of these e-services on the Internet increase the likelihood of exposure to cyber-attacks. Attackers take advantage of vulnerabilities in these e-services. Vulnerabilities arise as a result of weaknesses in the programming, miss-configuration or lack of updates. It is unfortunate that only little effort is done to evaluate the security posture of Saudi Arabia's websites. In this paper, 150 Financial, Academic, Governmental and commercial organizations websites were assessed using open source tools. In addition, a comparison between governmental and commercial websites was done based on the numbers of vulnerabilities found. The results show that Saudi Arabia's websites suffer from high, medium and low impact vulnerabilities. For example; 17.5% of websites are vulnerable to SQL injection, 13.5% are vulnerable to Shell injection, and 61% are vulnerable to Clickjacking. Finally, the evaluation showed that commercial websites are more secure than governmental websites.","PeriodicalId":220556,"journal":{"name":"2015 First International Conference on Anti-Cybercrime (ICACC)","volume":"12 9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 First International Conference on Anti-Cybercrime (ICACC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ANTI-CYBERCRIME.2015.7351928","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Using e-services in Saudi Arabia is growing. Using such services offers a wide range of benefits and makes people's life easier. However, the development and the deployment of these e-services on the Internet increase the likelihood of exposure to cyber-attacks. Attackers take advantage of vulnerabilities in these e-services. Vulnerabilities arise as a result of weaknesses in the programming, miss-configuration or lack of updates. It is unfortunate that only little effort is done to evaluate the security posture of Saudi Arabia's websites. In this paper, 150 Financial, Academic, Governmental and commercial organizations websites were assessed using open source tools. In addition, a comparison between governmental and commercial websites was done based on the numbers of vulnerabilities found. The results show that Saudi Arabia's websites suffer from high, medium and low impact vulnerabilities. For example; 17.5% of websites are vulnerable to SQL injection, 13.5% are vulnerable to Shell injection, and 61% are vulnerable to Clickjacking. Finally, the evaluation showed that commercial websites are more secure than governmental websites.

查看原文本刊更多论文

使用开源工具对沙特阿拉伯网站进行安全评估

沙特阿拉伯使用电子服务的人数正在增长。使用这些服务提供了广泛的好处，使人们的生活更轻松。然而，这些电子服务在互联网上的发展和部署增加了遭受网络攻击的可能性。攻击者利用这些电子服务中的漏洞。由于编程中的弱点、配置错误或缺乏更新，会出现漏洞。不幸的是，在评估沙特阿拉伯网站的安全状况方面，几乎没有什么努力。本文使用开源工具对150个金融、学术、政府和商业组织的网站进行了评估。此外，还根据发现的漏洞数量对政府网站和商业网站进行了比较。结果表明，沙特阿拉伯的网站存在高、中、低影响漏洞。例如;17.5%的网站易受SQL注入攻击，13.5%的网站易受Shell注入攻击，61%的网站易受点击劫持攻击。最后，评价表明，商业网站比政府网站更安全。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 First International Conference on Anti-Cybercrime (ICACC)

自引率

0.00%

发文量