Abstract
In spite that HLIs in Tanzania use web-based systems for managing, storing and processing of HLIs information and data such as website contents, academic results and financial records. The HLIs web-based system have been compromised by attackers due to presence of vulnerabilities. The main objective of this study is to assess the vulnerabilities of Students Records Web-based Systems (SRWBS) for private and public Higher Learning Institutions (HLIs) in Tanzania using black-box testing methodology by employing two automatic vulnerability scanners namely OWASP ZAP (Open Webs Application Security Project Zed Attack Proxy; open-source tool) and Acunetix (proprietary tool). This study assesses the vulnerability of SRWBS for 3 private HLIs and 5 public HLIs in Tanzania. The results reveal the total of 29 vulnerabilities which include but are not limited to Broken Authentication and Session Management, Broken Access Control, Security Misconfiguration, Sensitive Data Exposure, Vulnerable JS (Java Script) Libraries, CSRF (Cros Site Request Forgery), Using Components with Known Vulnerabilities, XSS (Cross Site Script), DOM (Document Object Model) based XSS and Reflected XSS. SRWBS of public HLIs were found more vulnerable by average 44.2% than the SRWBS of private HLIs which were vulnerable by average of 37%. Based on these results, this study provides some recommendations for mitigating vulnerabilities and improving the security of SRWBS for private and public HLIs in Tanzania.
Published Version (Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.