security assessment for education website in saudi arabia

Abstract

Web applications have become a part of our daily lives, and are usually accessible from any internet connection point at any time. This has also had an impact on the education sector, whereby increasing the demand for a reliable, effective, and stable web presence. The institutional websites have helped many educational organisations deliver vital information to potential students without increasing man hours. Due to this, the e-service industry is growing in Saudi Arabia. The creation and delivery of such e-services on the internet however increases the risk of cyber-attack exposure. This could result in the data theft of users and other involved parties. Hence, to maintain the trust of the users, the level of website security must be analyzed, and the vulnerabilities addressed. The research done focuses on four main phases of security assessment framework. This includes Reconnaissance, Enumeration and Scanning, Vulnerability Assessment, and Content Analysis. The study was carried out using 12 education websites in Saudi Arabia. The results indicated that total number of high, intermediate and low vulnerabilities found are 886, 5036 and 604 respectively. Besides this, there were 1965 informational vulnerabilities. These high number of vulnerabilities in the websites without mitigation protocol are at high risk of cyber-attacks and must be patched. The following research would aid the Saudi Arabian institutes in understanding the vulnerabilities and establish protocols in order to mitigate attacks.