Abstract
Web applications are undeniably one of the most effective ways to provide essential services to clientele. However, data breaches and system insecurities are an increasing concern in the field of information systems. This growing concern is the basis for the authors' research. Several Web vulnerability scanners are used on institutions’ online resources to test the security level of the online systems.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Endencio-Robles, D., Robles, R.J., Balitanas-Salazar, M. (2021). Assessment of the Security Threats of an Institution’s Virtual Online Resources. In: Bhattacharyya, D., Thirupathi Rao, N. (eds) Machine Intelligence and Soft Computing. Advances in Intelligent Systems and Computing, vol 1280. Springer, Singapore. https://doi.org/10.1007/978-981-15-9516-5_36
DOI: https://doi.org/10.1007/978-981-15-9516-5_36
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-9515-8
Online ISBN: 978-981-15-9516-5
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)