Md. Asif Khan Rifat

Work place: Institute of Information Technology, University of Dhaka, Dhaka 1000, Bangladesh

E-mail: rifat.asifkhan@gmail.com

Website:

Research Interests: Software Creation and Management, Software Engineering, Data Mining

Biography

Md. Asif Khan Rifat is a graduate student at the Institute of Information Technology (IIT), University of Dhaka, where he is pursuing a Master of Science in Software Engineering. He earned his Bachelor of Science in Computer Science and Engineering from North South University. His main research interests are machine learning, data mining, web security, and software engineering.

Author Articles
Vulnerabilities Assessment of Financial and Government Websites: A Developing Country Perspective

By Md. Asif Khan Rifat, Yeasmin Sultana, B M Mainul Hossain

DOI: https://doi.org/10.5815/ijieeb.2023.05.05, Pub. Date: 8 Oct. 2023

The growing number of web applications in a developing country like Bangladesh has been accompanied by a rise in cybercrime. This study measures the vulnerabilities present in financial and government websites of Bangladesh to address these security concerns. We reviewed related work on web application vulnerability scanners, comparative studies of web application security parameters, surveys of web application penetration testing methodologies and tools, and security analyses of government and financial websites in Bangladesh. Existing studies in the context of developing countries provide limited insight into web application vulnerabilities and their remedies: they focus on specific vulnerabilities, lack comprehensive evaluation of security parameters, and offer only limited comparative analysis of vulnerability scanners. Our study addresses these gaps with an in-depth analysis using the OWASP ZAP tool to scan the sites and classify the resulting risk alerts by level (high, medium, low, and informational). The investigation revealed eight key vulnerabilities: Hash Disclosure, SQL injection (SQLi), Cross-Site Request Forgery (CSRF), missing Content Security Policy (CSP) headers, Cross-Domain JavaScript File Inclusion, absence of X-Content-Type-Options headers, cache-related concerns, and potential Cross-Site Scripting (XSS). These weaknesses can expose hidden information, allow malicious code to run, and leave the sites unprotected against specific classes of attack. The study therefore not only reveals major security weaknesses but also provides guidance on how to mitigate them, contributing to stronger cybersecurity practices within the nation.
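Three of the eight findings above (missing CSP header, missing X-Content-Type-Options header, and cache-related concerns) are response-header configuration issues that a site operator can verify without a full scanner. The following is an added example, not code from the paper or from OWASP ZAP: it audits a dictionary of response headers for those three findings and assigns a risk tier from the abstract's four levels. The tier assignments, the advice strings, and the two sample header sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

# The four risk tiers named in the abstract, ordered from highest to lowest.
RISK_ORDER = ["high", "medium", "low", "informational"]


@dataclass(frozen=True)
class Finding:
    header: str
    risk: str
    advice: str


def audit_headers(headers: Dict[str, str]) -> List[Finding]:
    """Return one Finding per missing or weak defensive header.

    Header names are compared case-insensitively, as HTTP requires.
    Risk tiers are assumptions chosen for this example.
    """
    h = {name.lower(): value for name, value in headers.items()}
    findings: List[Finding] = []

    # No CSP means the browser has no policy restricting script sources,
    # which makes XSS and cross-domain script inclusion more damaging.
    if "content-security-policy" not in h:
        findings.append(Finding(
            "Content-Security-Policy", "medium",
            "Add a CSP such as \"default-src 'self'\" and list each trusted script origin explicitly.",
        ))

    # Without nosniff, a browser may MIME-sniff a response into a script type.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(Finding(
            "X-Content-Type-Options", "low",
            "Send 'X-Content-Type-Options: nosniff' on every response.",
        ))

    # Responses carrying account data should not end up in shared caches.
    directives = {d.strip() for d in h.get("cache-control", "").lower().split(",")}
    if not directives & {"no-store", "private"}:
        findings.append(Finding(
            "Cache-Control", "informational",
            "Send 'Cache-Control: no-store' (or at least 'private') on authenticated responses.",
        ))
    return findings


def highest_risk(findings: List[Finding]) -> str:
    """Overall tier for a response: the most severe finding, or 'none'."""
    if not findings:
        return "none"
    return min((f.risk for f in findings), key=RISK_ORDER.index)


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "example",
    "Cache-Control": "public, max-age=3600",
}

HARDENED_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://static.example.test",
    "X-Content-Type-Options": "nosniff",
    "Cache-Control": "no-store",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_RESPONSE_HEADERS), ("hardened", HARDENED_RESPONSE_HEADERS)):
        found = audit_headers(hdrs)
        print(f"{label}: highest risk = {highest_risk(found)}")
        for f in found:
            print(f"  [{f.risk}] {f.header}: {f.advice}")
```

Running the script reports three findings with an overall tier of "medium" for the weak header set and none for the hardened one; in practice the input dictionary would come from the headers of a captured HTTP response for a page of the site being assessed.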
