{"title":"使用开源工具对沙特阿拉伯网站进行安全评估","authors":"Mohammed S. Al-Sanea, Ahmad A. Al-Daraiseh","doi":"10.1109/ANTI-CYBERCRIME.2015.7351928","DOIUrl":null,"url":null,"abstract":"Using e-services in Saudi Arabia is growing. Using such services offers a wide range of benefits and makes people's life easier. However, the development and the deployment of these e-services on the Internet increase the likelihood of exposure to cyber-attacks. Attackers take advantage of vulnerabilities in these e-services. Vulnerabilities arise as a result of weaknesses in the programming, miss-configuration or lack of updates. It is unfortunate that only little effort is done to evaluate the security posture of Saudi Arabia's websites. In this paper, 150 Financial, Academic, Governmental and commercial organizations websites were assessed using open source tools. In addition, a comparison between governmental and commercial websites was done based on the numbers of vulnerabilities found. The results show that Saudi Arabia's websites suffer from high, medium and low impact vulnerabilities. For example; 17.5% of websites are vulnerable to SQL injection, 13.5% are vulnerable to Shell injection, and 61% are vulnerable to Clickjacking. Finally, the evaluation showed that commercial websites are more secure than governmental websites.","PeriodicalId":220556,"journal":{"name":"2015 First International Conference on Anti-Cybercrime (ICACC)","volume":"12 9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Security evaluation of Saudi Arabia's websites using open source tools\",\"authors\":\"Mohammed S. Al-Sanea, Ahmad A. Al-Daraiseh\",\"doi\":\"10.1109/ANTI-CYBERCRIME.2015.7351928\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Using e-services in Saudi Arabia is growing. Using such services offers a wide range of benefits and makes people's life easier. However, the development and the deployment of these e-services on the Internet increase the likelihood of exposure to cyber-attacks. Attackers take advantage of vulnerabilities in these e-services. Vulnerabilities arise as a result of weaknesses in the programming, miss-configuration or lack of updates. It is unfortunate that only little effort is done to evaluate the security posture of Saudi Arabia's websites. In this paper, 150 Financial, Academic, Governmental and commercial organizations websites were assessed using open source tools. In addition, a comparison between governmental and commercial websites was done based on the numbers of vulnerabilities found. The results show that Saudi Arabia's websites suffer from high, medium and low impact vulnerabilities. For example; 17.5% of websites are vulnerable to SQL injection, 13.5% are vulnerable to Shell injection, and 61% are vulnerable to Clickjacking. Finally, the evaluation showed that commercial websites are more secure than governmental websites.\",\"PeriodicalId\":220556,\"journal\":{\"name\":\"2015 First International Conference on Anti-Cybercrime (ICACC)\",\"volume\":\"12 9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-12-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 First International Conference on Anti-Cybercrime (ICACC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ANTI-CYBERCRIME.2015.7351928\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 First International Conference on Anti-Cybercrime (ICACC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ANTI-CYBERCRIME.2015.7351928","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security evaluation of Saudi Arabia's websites using open source tools
Using e-services in Saudi Arabia is growing. Using such services offers a wide range of benefits and makes people's life easier. However, the development and the deployment of these e-services on the Internet increase the likelihood of exposure to cyber-attacks. Attackers take advantage of vulnerabilities in these e-services. Vulnerabilities arise as a result of weaknesses in the programming, miss-configuration or lack of updates. It is unfortunate that only little effort is done to evaluate the security posture of Saudi Arabia's websites. In this paper, 150 Financial, Academic, Governmental and commercial organizations websites were assessed using open source tools. In addition, a comparison between governmental and commercial websites was done based on the numbers of vulnerabilities found. The results show that Saudi Arabia's websites suffer from high, medium and low impact vulnerabilities. For example; 17.5% of websites are vulnerable to SQL injection, 13.5% are vulnerable to Shell injection, and 61% are vulnerable to Clickjacking. Finally, the evaluation showed that commercial websites are more secure than governmental websites.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
