Survey of Websites and Web Application Security Threats Using Vulnerability Assessment

Abstract

Nowadays information has become anasset to many institutions and as a result these institutions have become targets for people with malicious intents to attack these institutions. The web is now an important means of transacting business and without security, websites cannot thrive in today’s complex computer ecosystem as there are new threats emerging as old ones are being tackled. Vulnerability assessment of websites is one of the means by which security can be improved on websites. This research seek to study and use vulnerability assessment as a tool to improve security by identifying vulnerabilities and proposing solutions to solve the security issues. Assessment was done on 5 web hosts belonging to different institutions in Ghana. Nmap, Nikto and Nessus were the tools used for the assessment, the assessment was carried out in four stages, and the first stage in the assessment was planning which involved activities and configurations performed before the actual assessment. The second stage was information gathering which involved obtaining information about the targets necessary to help identify vulnerabilities. This was followed by vulnerability scanning to identify vulnerabilities on the target hosts. The results indicated all the five hosts had security flaws which needed to be addressed. In all 16 vulnerabilities were identified on host 1, 8 vulnerabilities were identified on host 2, 15 vulnerabilities on host 3, 4 vulnerabilities on host 4 and 10 vulnerabilities on host 5. After the vulnerabilities were identified, a solution was proposed to mitigate the security flaws identified.