IDENTIFYING SECURITY ISSUES IN A HIGHER EDUCATION'S INSTITUTE CMS LAB SITE
University of Piraeus (GREECE)
About this paper:
Appears in: EDULEARN14 Proceedings
Publication year: 2014
Pages: 3349-3354
ISBN: 978-84-617-0557-3
ISSN: 2340-1117
Conference name: 6th International Conference on Education and New Learning Technologies
Dates: 7-9 July, 2014
Location: Barcelona, Spain
Abstract:
In recent years the Internet has experienced tremendous growth because computers and other means of accessing it (tablets, PDAs, mobile phones) are becoming more affordable and therefore accessible to more people, more frequently [1]. Access speeds have also increased dramatically, both for household access and for access via mobile networks, making it easy to view multimedia content. For these reasons, more and more applications are being created and developed that use the Internet for information, collaboration, social networking, etc.
Now almost every Internet user can set up his own website without special knowledge, as instructions for doing so can be found almost everywhere on the web. The result is a wealth of information that needs to be protected. Unfortunately, there are many places where the average user can leave gaps in the security of his application, and hackers are now turning from networks to web applications, where small errors can hide large risks [2].
For this reason, several automatic tools have been developed that detect security holes and inform the user about the gaps that may be present in his application. These tools, however, are not perfect: they cannot detect every problem and often report false positives [3]. Therefore, a selection of tools that differ from one another has been made, in order to gain insight into which may be best for the average user who wants to secure his application as much as possible.

The purpose of the paper is to explain key security issues on the Internet and to demonstrate the effects that a lack of security in this area may have. It also compares the number, diversity and validity of the results obtained from the auditing. This gives a better picture of the tools used and allows them to be compared and evaluated, in order to determine what each one offers and what type of use it is best suited to.
The final deliverable will present the results of the tests before and after checking their validity so that conclusions can be drawn. There will also be a demonstration of some methods of penetration and of exploiting frequent security flaws.

Specifically, the final deliverable tries to serve the following purposes:
• Check whether an educational institution's website is safe
• Presentation of vulnerability search tools on different operating systems and with different terms of use (open source, commercial)
• Comparison of the tools by the number and validity of their results
• Demonstration of the consequences of the lack of security in web applications
In general, the main purpose is to alert and inform all Internet users, amateur or not, that they should be very careful even on trusted websites. Tools for identifying security flaws will also be demonstrated and compared, so that a user who wants to secure his application can decide which one best fits his purpose.

References:
[1] International Telecommunication Union. The World in 2013: ICT Facts and Figures. Geneva, 2013.
[2] Fonseca, J., Vieira, M., and Madeira, H. Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks. In: 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007). 2007.
[3] Van der Loo, F. Comparison of penetration testing tools for web applications. Master's thesis, Radboud Universiteit Nijmegen, Netherlands, 2011.
Keywords:
Web vulnerabilities, vulnerability scanners.