Security evaluation of Saudi Arabia's websites using open source tools

Abstract

Using e-services in Saudi Arabia is growing. Using such services offers a wide range of benefits and makes people's life easier. However, the development and the deployment of these e-services on the Internet increase the likelihood of exposure to cyber-attacks. Attackers take advantage of vulnerabilities in these e-services. Vulnerabilities arise as a result of weaknesses in the programming, miss-configuration or lack of updates. It is unfortunate that only little effort is done to evaluate the security posture of Saudi Arabia's websites. In this paper, 150 Financial, Academic, Governmental and commercial organizations websites were assessed using open source tools. In addition, a comparison between governmental and commercial websites was done based on the numbers of vulnerabilities found. The results show that Saudi Arabia's websites suffer from high, medium and low impact vulnerabilities. For example; 17.5% of websites are vulnerable to SQL injection, 13.5% are vulnerable to Shell injection, and 61% are vulnerable to Clickjacking. Finally, the evaluation showed that commercial websites are more secure than governmental websites.