This is an Open Access publication published under CSC-OpenAccess Policy.
An Empirical Study on the Security Measurements of Websites of Jordanian Public Universities
Mokhled S. Al-Tarawneh
Pages - 127 - 136 | Revised - 01-10-2013 | Published - 01-11-2013
Volume - 7 | Issue - 4 | Publication Date - November 2013
KEYWORDS
Information System, Information Security, Information-security Measurement, Security Threats, Vulnerability Measurement and Penetration Test.
ABSTRACT
Most of the Jordanian universities' inquiry systems, i.e. educational, financial, administrative, and research systems, are accessible through their campus networks. As such, they are vulnerable to security breaches that may compromise confidential information and expose the universities to losses and other risks. At Jordanian universities, security is critical to the physical network, computer operating systems, and application programs, and each area has its own set of security issues and risks. This paper presents a comparative study of the security systems at the Jordanian universities from the viewpoint of prevention and intrusion detection. Robustness testing techniques are used to assess the security and robustness of the universities' online services. The analysis concentrates on the distribution of vulnerability categories and identifies the mistakes that lead to a severe type of vulnerability. The distribution of vulnerabilities can be used to avoid security flaws and mistakes.
Dr. Mokhled S. Al-Tarawneh
Mutah University - Jordan
mokhled@mutah.edu.jo