Page 77 - The-5th-MCAIT2021-eProceeding
P. 77
Security Assessment for Education Websites in
Saudi Arabia
a
b
Almirabi Anas Anwar M , Mohd Zamri Murah *
a,b Pusat Keselamatan Siber, Universiti Kebangsaan Malaysia
* Email: zamri@ukm.edu.my
Abstract
Many educational institutions use educational websites to improve teaching and learning. How- ever, these educational
websites are open to cyberattacks. In this paper, we proposed a framework to access the cyber readiness of educational websites.
We used education websites in Saudi Ara bia as a case study. The framework consists of four phases: Reconnaissance,
Enumeration, Scanning, Vulnerability Assessment, and Content Analysis. The reconnaissance phase uses OSINT
technology, Enumeration and Scanning uses Nmap, Vulnerability Assessment using automated scanning tools, and Content
Analysis uses SSL tools. In our case study, we evaluated 12 Saudi Arabia educational websites. Our result indicated that
cyber readiness for the 12 websites varies. We found many cybersecurity issues among the websites, such as outdated
operating systems, unnecessary open ports, improper running services, a high number of web vulnerabilities, and low-grade
SSL implementation. These issues, if not remedied, would provide a high probability of successful cyber attacks from
hackers.
Keywords: web security, security assessment, penetration testing
1. Introduction
As more educational institutions seek to offer online learning and services, education web- sites have grown
increasingly important (Mburano & Si, 2018). These websites, on the other hand, are attractive targets for
cyberattacks for a variety of reasons. To begin with, distinguishing between a legitimate and malicious user is
difficult. When a user interacts with a website, data is exchanged, and determining malicious data or exchange
can be difficult. Second, web applications have grown in complexity and become more vulnerable to security
flaws. Hackers could take advantage of these flaws to gain access to the system. Thirdly, design flaws, incorrect
configuration, and a lack of updates can all lead to vulnerabilities. Fourth, educational institutions are frequently
targeted by hackers because they are easily exploitable and contain a wealth of valu-able information. Data
leakage, loss of privacy, financial effect, and loss of consumer trust are all consequences of cyberattacks. For
these reasons, websites should be prepared for cyberattacks with a high level of cybersecurity readiness (Shah
& Mehtre, 2014).
This study presents a framework for assessing cyber readiness for educational websites. As a case study,
we looked at educational websites in Saudi Arabia. We could detect threats and vulnerabilities using the
framework and make recommendations to increase the cyber resilience of websites.
In Saudi Arabia, there has been an increase in demand for online educational websites. Every Saudi citizen
has free access to public education from primary school to college. Education is Saudi Arabia’s second-
largest government expenditure, accounting for 8.8% of the country’s gross domestic product (Alotaibi, 2013).
However, there is currently no study on the level of cyber readiness of educational websites in Saudi Arabia.
E- Proceedings of The 5th International Multi-Conference on Artificial Intelligence Technology (MCAIT 2021) [64]
Artificial Intelligence in the 4th Industrial Revolution
