Vulnerabilities of Government Websites in a Developing Country – The Case of Burkina Faso
| Autor: | Tegawendé F. Bissyandé, Ouoba, Jonathan, Ahmat, Daouda, Ouédraogo, Fréderic, Béré, Cédric, Bikienga, Moustapha, Sere, Abdoulaye, Dandjinou, Mesmin, Sié, Oumarou |
|---|---|
| Přispěvatelé: | Interdisciplinary Centre for Security, Reliability and Trust [Luxembourg] (SnT), Université du Luxembourg (Uni.lu), VTT Technical Research Centre of Finland (VTT), Université Virtuelle du Tchad, Université Norbert ZONGO de Koudougou, Université Joseph Ki-Zerbo [Ouagadougou] (UJZK), Université Polytechnique Nazi Boni Bobo-Dioulasso (UNB), EAI, FasoLabs, Bissyandé, Tegawendé F. |
| Jazyk: | angličtina |
| Rok vydání: | 2015 |
| Předmět: |
Computer science [C05] [Engineering
computing & technology] websites vulnerabilities CMS [INFO.INFO-DL]Computer Science [cs]/Digital Libraries [cs.DL] security developing countries [INFO.INFO-DL] Computer Science [cs]/Digital Libraries [cs.DL] web security Sciences informatiques [C05] [Ingénierie informatique & technologie] e-government |
| Zdroj: | Proceedings of AFRICOMM 2015 Seventh International EAI Conference on e-infrastructure and e-Services for Developing Countries (AFRICOMM 2015) Seventh International EAI Conference on e-infrastructure and e-Services for Developing Countries (AFRICOMM 2015), EAI, Dec 2015, Cotonou, Benin. pp.11-14 BASE-Bielefeld Academic Search Engine 7th International Conference on e-Infrastructure and e-Services for Developing Countries. (2015). |
| Popis: | International audience; Slowly, but consistently, the digital gap between developing and developed countries is being closed. Everyday, there are initiatives towards relying on ICT to simplify the interaction between citizens and their governments in developing countries. E-government is thus becoming a reality: in Burkina Faso, all government bodies are taking part in this movement with web portals dedicated to serving the public. Unfortunately, in this rush to promote government actions within this trend of digitization, little regards is given to the security of such web sites. In many cases, government highly critical web sites are simply produced in a product line fashion using Content Management Systems which the webmasters do not quite master. We discuss in this study our findings on empirically assessing the security of government websites in Burkina Faso. By systematically scanning these websites for simple and well-known vulnerabilities, we were able to discover issues that deserved urgent attention. As an example, we were able to crawl from temporary backup files in a government web site all information (hostname, login and password in clear) to read and write directly in the database and for impersonating the administrator of the website. We also found that around 50% of the government websites are built on top of platforms suffering from 14 publicly known vulnerabilities, and thus can be readily attacked by any hacker. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|