Analyzing Web Application Vulnerabilities of Educational Institutions in Bangladesh

Publisher

Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur, Bangladesh

Abstract

The biggest challenge we face today is web security. It is the fundamental framework for the global data society. People’s daily activities mostly depend on internet-based applications. No web application is free from threats and security issues. Clients and users make mistakes when interacting with web applications, which can lead to security issues. Besides, there are coding flaws and server misconfiguration issues which gradually lead to service failure or attacks on vulnerable information. Strong security in the web application is a vital need for online presence nowadays. Dealing with web security issues requires deep insight as there are a lot of tools available to detect vulnerabilities. Proper understanding and deep analysis are required to find the proper tool for this application. This study aims to detect vulnerabilities of the educational websites in Bangladesh and analyze which scanning tool provides more accurate results. For our analysis, we have used the two most prominent web application security scanners, Acunetix and Nikto. After scanning, many security issues and vulnerabilities were found. However, the most common vulnerabilities among all the websites were SQL injection, XSS, and Clickjacking.

Description

Supervised by Mr. Ashraful Alam Khan, Assistant Professor, Co-Supervisor Mr. S.M. Sabit Bananee, Lecturer, Mr. Imtiaj Ahmed Chowdhury, Lecturer, Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur-1704, Bangladesh. This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Software Engineering of Computer Science and Engineering department, 2022.

Keywords

SQL injection, XSS, Clickjacking, Acunetix, Nikto

