Work place: Institute of Information Technology, University of Dhaka, Dhaka 1000, Bangladesh
E-mail: rifat.asifkhan@gmail.com
Website:
Research Interests: Software Creation and Management, Software Engineering, Data Mining
Biography
Md. Asif Khan Rifat is a graduate student at the Institute of Information Technology (IIT), University of Dhaka, where he is currently pursuing his Master of Science in Software Engineering. He earned his Bachelor of Science in Computer Science and Engineering from North South University. His major areas of research interest are machine learning, data mining, web security, and software engineering.
By Md. Asif Khan Rifat, Yeasmin Sultana, B M Mainul Hossain
DOI: https://doi.org/10.5815/ijieeb.2023.05.05, Pub. Date: 8 Oct. 2023
The growing number of web applications in a developing country like Bangladesh has led to an increase in cybercrime activities. This study focuses on measuring the vulnerabilities present in financial and government websites of Bangladesh to address the rising security concerns. We reviewed related work on web application vulnerability scanners, comparative studies of web application security parameters, surveys of web application penetration testing methodologies and tools, and security analyses of government and financial websites in Bangladesh. Existing studies in the context of developing countries have provided limited insight into web application vulnerabilities and their solutions: they have focused on specific vulnerabilities, lacked comprehensive evaluations of security parameters, and offered only limited comparative analysis of vulnerability scanners. Our study aims to address these gaps by conducting an in-depth analysis using the OWASP ZAP tool to scan the sites and analyze the resulting risk alerts across the high, medium, low, and informational risk levels. Our investigation unveiled eight key vulnerabilities: Hash Disclosure, SQL injection (SQLi), Cross-Site Request Forgery (CSRF), missing Content Security Policy (CSP) headers, Cross-Domain JavaScript File Inclusion, absence of X-Content-Type-Options headers, cache-related concerns, and potential Cross-Site Scripting (XSS). These weaknesses can reveal hidden information, enable malicious code, and leave the sites unprotected against specific types of attacks. In essence, this study not only reveals major security weaknesses but also provides guidance on how to mitigate them, thereby playing a vital role in promoting enhanced cybersecurity practices within the nation.