ResearchSpace

Analyzing the security posture of South African websites


dc.contributor.author Mtsweni, Jabu S
dc.date.accessioned 2017-07-28T08:53:32Z
dc.date.available 2017-07-28T08:53:32Z
dc.date.issued 2015-08-12
dc.identifier.citation Mtsweni, JS. 2015. Analyzing the security posture of South African websites. 2015 Information Security for South Africa (ISSA), 12-13 August 2015, pp1-8., en_US
dc.identifier.uri http://hdl.handle.net/10204/9282
dc.description Copyright: 2015 IEEE. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, kindly consult the publisher's website en_US
dc.description.abstract Today, public-facing websites are virtually used across all different sectors by different types of organizations for information sharing and conducting core business activities. At the same time, the increasing use of mobile devices in Africa has also propelled the deployment and adoption of web-based applications. However, as the use of websites increases, so are the cyber-attacks. Web-based attacks are prevalent across the globe, and in South Africa an increase in such attacks is being observed. Research studies also suggest that over 80% of the active websites are vulnerable to a myriad of attacks. This paper reports on a study conducted to passively analyze and determine the security posture of over 70 South African websites from different sectors. The security posture of the local websites was thereafter compared against the top ten (10) global websites. The list of the websites was mainly chosen using the Amazon’s Alexa service. The focus of the study was mainly on the security defense mechanisms employed by the chosen websites. This approach was chosen because the client-side security policies, which may give an indication of the security posture of a website, can be analyzed without actively scanning multiple websites. Consequently, relevant web-based vulnerabilities and security countermeasures were selected for the analysis. The results of the study suggest that most of the 70 South African websites analyzed are vulnerable to cross-site scripting, injection vulnerabilities, clickjacking and man-in-middle attacks. Over 67% of the analyzed websites unnecessarily expose server information, approximately 50% of the websites do not protect session cookies, about 30% of the websites use secure communications, in particular for transmitting users’ sensitive information, and some websites use deprecated security policies.
From the study, it was also determined that South African websites lag behind in adopting basic security defense mechanisms when compared against top global websites. en_US
dc.language.iso en en_US
dc.publisher IEEE en_US
dc.relation.ispartofseries Worklist;15624
dc.subject South African websites en_US
dc.subject Cybersecurity en_US
dc.subject Web applications en_US
dc.subject Security policies en_US
dc.subject Websecurity en_US
dc.title Analyzing the security posture of South African websites en_US
dc.type Conference Presentation en_US
dc.identifier.apacitation Mtsweni, J. S. (2015). Analyzing the security posture of South African websites. IEEE. http://hdl.handle.net/10204/9282 en_ZA
dc.identifier.chicagocitation Mtsweni, Jabu S. "Analyzing the security posture of South African websites." (2015): http://hdl.handle.net/10204/9282 en_ZA
dc.identifier.vancouvercitation Mtsweni JS, Analyzing the security posture of South African websites; IEEE; 2015. http://hdl.handle.net/10204/9282 . en_ZA
dc.identifier.ris TY - Conference Presentation AU - Mtsweni, Jabu S AB - Today, public-facing websites are virtually used across all different sectors by different types of organizations for information sharing and conducting core business activities. At the same time, the increasing use of mobile devices in Africa has also propelled the deployment and adoption of web-based applications. However, as the use of websites increases, so are the cyber-attacks. Web-based attacks are prevalent across the globe, and in South Africa an increase in such attacks is being observed. Research studies also suggest that over 80% of the active websites are vulnerable to a myriad of attacks. This paper reports on a study conducted to passively analyze and determine the security posture of over 70 South African websites from different sectors. The security posture of the local websites was thereafter compared against the top ten (10) global websites. The list of the websites was mainly chosen using the Amazon’s Alexa service. The focus of the study was mainly on the security defense mechanisms employed by the chosen websites. This approach was chosen because the client-side security policies, which may give an indication of the security posture of a website, can be analyzed without actively scanning multiple websites. Consequently, relevant web-based vulnerabilities and security countermeasures were selected for the analysis. The results of the study suggest that most of the 70 South African websites analyzed are vulnerable to cross-site scripting, injection vulnerabilities, clickjacking and man-in-middle attacks. Over 67% of the analyzed websites unnecessarily expose server information, approximately 50% of the websites do not protect session cookies, about 30% of the websites use secure communications, in particular for transmitting users’ sensitive information, and some websites use deprecated security policies.
From the study, it was also determined that South African websites lag behind in adopting basic security defense mechanisms when compared against top global websites. DA - 2015-08-12 DB - ResearchSpace DP - CSIR KW - South African websites KW - Cybersecurity KW - Web applications KW - Security policies KW - Websecurity LK - https://researchspace.csir.co.za PY - 2015 T1 - Analyzing the security posture of South African websites TI - Analyzing the security posture of South African websites UR - http://hdl.handle.net/10204/9282 ER - en_ZA

