Moses Adah Agana,Bassey Igbo Ele

DOI: https://doi.org/10.48550/arXiv.1910.10830

2019-10-24

Abstract:A real time portal (<a class="link-external link-http" href="http://www.ganamoscybersecure.org" rel="external noopener nofollow">this http URL</a>) to enlighten people on how to protect their data in the web, the strategies adopted by cyber criminals to succeed in exploiting their victims as well as the mistakes made by people and organizations that make them prone to the menace of cyber crime has been designed in this paper. Critical observations were made over time on the degree of awareness and attitudes of people and organizations in some parts of South Africa and Nigeria towards information security. Interviews were conducted using structured questionnaire to elicit information. The outcome showed that most individuals and organizations lack adequate awareness on strategies adopted by cyber criminals, and pay little attention to securing their online data. The application of the services provided by the portal designed would be a sine qua non for contending with the menace of cyber <a class="link-external link-http" href="http://crime.act" rel="external noopener nofollow">this http URL</a>:

Computers and Society

Muhammed Sabo,,Zake Muwanga,Manjula V.S.,Saleh Auwal,,,

DOI: https://doi.org/10.59568/jasic-2023-4-1-06

2023-07-10

Abstract:The security of information technology, specifically web applications, has become an area of concern today. Computer cybercrime is now a significant problem that affects more than just businesses and organizations. Higher education institutions also began to experience computer threats that revealed their information assets. Universities, polytechnics, colleges of education, research centers, and other postsecondary institutions are probably the most vulnerable because they house sensitive data on their faculty, staff, and students, as well as academic records of scientific and technological advancements and research. The first step in an information system security strategy is risk analysis management It helps in assessing the risk of information assets to know their security level or status, and assist in define a security control measures and implementation of technical plan to avoid threats that exploit some vulnerability that could cause severe damage to an asset or infrastructure of institutions higher education (IHEs). This article presents some recommendations to perform a risk analysis management in IHEs to accessed threats and vulnerability that helps to lower the risk of their information assets. This article presents existing educational threat and vulnerability on their web applications. Ensuring security is a goal of every organization regardless of its size or purpose and also proposed a risk management model. With the information technology, an organization may be considered secure when it ensures the confidentiality, integrity, and availability of information and IT assets. Confidentiality may be broken due to theft of sensitive information such as trade secrets, clients’ personal information.

Samuel Cris Ayo,Bonaventure Ngala,Olasunkanmi Amzat,Robin Lal Khoshi,Samarappulige Isuru Madusanka

DOI: https://doi.org/10.48550/arXiv.1812.04659

2018-12-12

Abstract:Owing to recorded incidents of Information technology inclined organisations failing to respond effectively to threat incidents, this project outlines the benefits of conducting a comprehensive risk assessment which would aid proficiency in responding to potential threats. The ultimate goal is primarily to identify, quantify and control the key threats that are detrimental to achieving business objectives. This project carries out a detailed risk assessment for a case study organisation. It includes a comprehensive literature review analysing several professional views on pressing issues in Information security. In the risk register, five prominent assets were identified in respect to their owners. The work is followed by a qualitative analysis methodology to determine the magnitude of the potential threats and vulnerabilities. Collating these parameters enabled the valuation of individual risk per asset, per threat and vulnerability. Evaluating a risk appetite aided in prioritising and determining acceptable risks. From the analysis, it was deduced that human being posed the greatest Information security risk through intentional/ unintentional human error. In conclusion, effective control techniques based on defence in-depth were devised to mitigate the impact of the identified risks from risk register.

Computers and Society,Cryptography and Security

Olawale Adebayo,Shafii Muhammad Abdulhamid

DOI: https://doi.org/10.48550/arXiv.1402.0921

2014-02-05

Computers and Society

Abstract:The recent employment and eventual widespread acceptance of electronic test in examining students and various classes in Nigeria has created a significant impact in the trends of educational history in the country. In this paper, we examined the impacts, associated challenges and security lapses of the existing electronic-examination system with the aim of ameliorating and developing a new acceptable e-Exam system that takes care of the existing systems challenges and security lapses. Six Universities that are already conducting e- Examination were selected across the country for this research work. Twenty students that participated in the e-exams and five members of staff were selected for interview and questionnaire. Based on the analysis of the interviews and study of the existing electronic examination system, some anomalies were discovered and a new e-exams system was developed to eradicate these anomalies. The new system uses data encryption in order to protect the questions sent to the e-Examination center through the internet or intranet and a biometric fingerprint authentication to screen the stakeholders.

Mohd Faiz Hilmi,Yanti Mustapha

DOI: https://doi.org/10.48550/arXiv.2209.11196

2022-06-03

Cryptography and Security

Abstract:Information technology has made e-learning possible and available on a large scale. Learning management system (LMS) has been widely used and is accessible through the Internet. However, LMS are exposed to various threats. Proper understanding of the threats is required. Furthermore strategy and best practices countermeasures will ensure a safe learning environment. Therefore, this study looks into the information security aspect of LMS. Specifically, there are two main purposes of this study. First, this study provides a review of information security in e-learning environments and explains the importance of information security. Second, this study looks at how student perceived the security of their e-learning portal. A total of 497 students responded to a survey questionnaires. Frequencies analysis was conducted to show the profile of the respondent. Overall, respondent has strong positive perceptions towards security of their LMS. This study serve as an introduction which help LMS administrator to understand the issues and possibilities related to the safety of LMS.

Solomon Nii Nikoi,Christian Adu-Boahene,Alberta Nsiah-Konandu

DOI: https://doi.org/10.9734/ajrcos/2022/v13i130304

2022-01-07

Asian Journal of Research in Computer Science

Abstract:The increasing complexity of information systems, as well as the rapid development of new vulnerabilities and exploits, the security of campus networks needs to be hardened to minimize or eradicate security flaws. Aim: To discover the vulnerabilities and enhance the creation and deployment of secured campus network. Place and Duration of study: University of Education, Winneba – Kumasi campus. Methodology: The integration of De-Militarized zone and Honeypot techniques was used to beef up the security of the campus network against vulnerabilities and exploits. Penetration testing was used in the assessment of the University of Education’s network infrastructure, and to demonstrate attacks and intrusion into the network infrastructure. Results: Two firewall DMZ architecture techniques protect sensitive resources of the campus network by sanctioning the inflow and outflow of traffic, determining which segment allow and disallow traffic, whiles the Honeypot techniques were configured to keep the attention of attackers diverted from the main network, the full strength of an attack, until the administrators are prepared to put the effective counter in place. The fusion of DMZ and, Honeypot provide the System Administrators to effectively management the security of the campus networks. Conclusion: Honeypots are used to detect vulnerabilities based on the attacker’s behaviour and, data collected by honeypots can be used to enhance other security technologies. The fusion of DMZ and Honeypot into the security models of the campus network made it more robust.

S. Altayaran,Wael Elmedany

DOI: https://doi.org/10.1109/ICDABI53623.2021.9655950

2021-10-25

Abstract:The rising of technology in the 21st century grows in a way that we never thought of before. The COVID-19 pandemic shifted many organizations in different sizes, specialties, and sectors to work online, resulting in a critical need to secure their software, applications, and web-based applications. Furthermore, Organizations that do not implement security in the Software Development Life Cycle (SDLC) process often discover that their applications suffer from security flaws and security bugs, thus exposing their applications to attacks. Applying security measures to the SDLC will ensure that applications are secure from the early planning stages until release. Penetration testing is an essential security measure and is counted as one of the best security practices applied to applications because it focuses on the technical part of application security. Each kind of application the organization uses, in-house developed applications or on-the-shelf applications, has its method for penetration testing. This paper is a systematic literature review that examines the web application security measures and the penetration testing methods and tools to detect vulnerabilities on web applications. Moreover, it gives a general view of adapting penetration testing as a security approach to the SDLC.

Engineering,Medicine,Computer Science

Muhammad Idris,Iwan Syarif,Idris Winarno

DOI: https://doi.org/10.24003/emitter.v10i2.705

2022-12-16

EMITTER International Journal of Engineering Technology

Abstract:The trend of API-based systems in web applications in the last few years keeps steadily growing. API allows web applications to interact with external systems to enable business-to-business or system-to-system integration which leads to multiple application innovations. However, this trend also comes with a different surface of security problems that can harm not only web applications, but also mobile and IoT applications. This research proposed a web application security education platform which is focused on the OWASP API security project. This platform provides different security risks such as excessive data exposure, lack of resources and rate-limiting, mass assignment, and improper asset management which cannot be found in monolithic security learning application like DVWA, WebGoat, and Multillidae II. The development also applies several methodologies such as Capture-The-Flag (CTF) learning model, vulnerability assessment, and container virtualization. Based on our experiment, we are successfully providing 10 API vulnerability challenges to the platform with 3 different levels of severity risk rating which can be exploited using tools like Burp Suite, SQLMap, and JWTCat. In the end, based on our performance experiment, all of the containers on the platform can be deployed in approximately 16 seconds with minimum storage resource and able to serve up to 1000 concurrent users with the average throughput of 50.58 requests per second, 96.35% successful requests, and 15.94s response time.

Benjamin Moral,Mudashir Gafar

DOI: https://doi.org/10.54729/dano4654

2021-09-30

Architecture and Planning Journal

Abstract:People across the world face growing insecurity, violent conflict spreading and intensifying and the natural systems on which human life depends on, is in jeopardy. Also, today the security condition of student hostel has become one of the major challenges facing Nigerian institutions, with continual media coverage of the state of insecurity of the students’ hostel, level of theft, burglary, abductions, and kidnappings. This research set out to proffer solutions to the rising insecurity challenges in the students’ hostel. This was achieved through the development of a framework from CPTED, on architectural strategies used to deter crime from thriving in the students’ hostel environment. A user perception survey was carried out using questionnaire issued to occupants of the various hostels. A case study was also carried out using visual survey and checklist to identify safety and security inadequacies in the buildings. Findings from questionnaire and case study revealed that the perceived level of safety was higher in Abubakar Tafawa Balewa University, Bauchi, then University of Maiduguri and least perception of students’ safety and security seen in Adamawa State University, Mubi. Hence, confirming the need to improve the impediment of variables like perimeter control, building configuration, external wall design, window design and site planning and layout, in respect to CPTED principles in the design of student hostel buildings in Nigeria.

Sabarathinam Chockalingam,Harjinder Singh Lallie

DOI: https://doi.org/10.5121/ijsptm.2014.3401

2014-09-10

Abstract:Social Media Site (SMS) usage has grown rapidly in the last few years. This sudden increase in SMS usage creates an opportunity for data leakage which could compromise personal and/or professional life. In this work, we have reviewed traditional penetration testing process and discussed the failures of traditional penetration testing process to test the 'People' layer of Simple Enterprise Security Architecture (SESA) model. In order to overcome these failures, we have developed the conceptual idea of online SMS user account penetration testing system that could be applied to online SMS user account and the user account could be categorised based on the rating points. This could help us to avoid leaking information that is sensitive and/or damage their reputation. Finally, we have also listed the best practice guidelines of online SMS usage.

Social and Information Networks,Computers and Society

Oluwatosin Samuel Falebita

DOI: https://doi.org/10.48550/arXiv.2211.00072

2022-10-25

Computers and Society

Abstract:The reliability and success of any organization such as academic institution rely on its ability to provide secure, accurate and timely data about its operations. Erstwhile managing student information in academic institution was done through paper-based information system, where academic records are documented in several files that are kept in shelves. Several problems are associated with paper-based information system. Managing information through the manual approach require physical exertion to retrieve, alter, and re-file the paper records. These are nonvalue added services results in data inconsistency and redundancy, currently institutions have migrated to web-based student information management system without considering the security architecture of the web portal. This project seeks to ameliorates and secure how information is being managed in Nigeria Police Academy through the development of a secured web-based student information management system, which has a friendly user interface that provides an easy and secure way to manage academic information such as students information, staff information, course registration, course materials and results. This project was developed using Laravel 5.5 PHP Framework to provide a robust secure web-based student information system that is not vulnerable to 2018 OWASP TOP 10 web vulnerabilities.

A. T. Aniwange,P. T. Nyishar,B. S. Afolabi,A. O. Ejidokun

DOI: https://doi.org/10.48550/arXiv.2111.00222

2021-10-30

Software Engineering

Abstract:Educational portal (EP) is a multi-function website that allows access to activities such as public and private sections, data retrieval and submission, personalized content and so on for the educational system. This study investigated the specific requirement for the enhancement of quality and behavior of EP with regards to time and cost using Obafemi Awolowo University (OAU), Ile-Ife, Nigeria as a case study. A test automation framework was designed using unified modelling language and implemented in Java programming language. MySQL and Excel database were used to store test data. The framework developed was evaluated using Test Time Performance (TTP), Performance Test Efficiency (PTE) and Automation Scripting Productivity (ASP) metrics. The results from the evaluation of the sample data provided showed that ASP produced a tested outcome of 360 operations per hour, PTE yielded 80% and TTP was just 4%. Based on the recorded performance, it is evident that the research can provide quick and firsthand information to quality assurance analyst and software testers, thereby reducing maintenance cost during software development.

Steve Goliath,Pitso Tsibolane,Dirk Snyman

2024-11-06

Abstract:Cyberattacks frequently target higher educational institutions, making cybersecurity awareness and resilience critical for students. However, limited research exists on cybersecurity awareness, attitudes, and resilience among students in higher education. This study addresses this gap using the Theory of Planned Behavior as a theoretical framework. A modified Human Aspects of Information Security Questionnaire was employed to gather 266 valid responses from undergraduate and postgraduate students at a South African higher education institution. Key dimensions of cybersecurity awareness and behavior, including password management, email usage, social media practices, and mobile device security, were assessed. A significant disparity in cybersecurity awareness and practices, with postgraduate students demonstrating superior performance across several dimensions was noted. This research postulates the existence of a Cybersecurity-Education Inflection Point during the transition to postgraduate studies, coined as the Cybersecurity-Resilience Gap. These concepts provide a foundation for developing targeted cybersecurity education initiatives in higher education, particularly highlighting the need for earlier intervention at the undergraduate level.

Cryptography and Security

Lwin Khin Shar,Christopher M. Poskitt,Kyong Jin Shim,Li Ying Leonard Wong

DOI: https://doi.org/10.48550/arXiv.2204.12416

2022-04-26

Cryptography and Security

Abstract:Cybersecurity education is considered an important part of undergraduate computing curricula, but many institutions teach it only in dedicated courses or tracks. This optionality risks students graduating with limited exposure to secure coding practices that are expected in industry. An alternative approach is to integrate cybersecurity concepts across non-security courses, so as to expose students to the interplay between security and other sub-areas of computing. In this paper, we report on our experience of applying the security integration approach to an undergraduate web programming course. In particular, we added a practical introduction to secure coding, which highlighted the OWASP Top 10 vulnerabilities by example, and demonstrated how to identify them using out-of-the-box security scanner tools (e.g. ZAP). Furthermore, we incentivised students to utilise these tools in their own course projects by offering bonus marks. To assess the impact of this intervention, we scanned students' project code over the last three years, finding a reduction in the number of vulnerabilities. Finally, in focus groups and a survey, students shared that our intervention helped to raise awareness, but they also highlighted the importance of grading incentives and the need to teach security content earlier.

Samir Lemes

DOI: https://doi.org/10.48550/arXiv.1404.3707

2014-04-15

Abstract:Information is the key asset of all organizations and can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by mail or by electronic means, shown in films, or spoken in conversation. In today's competitive business environment, such information is constantly under threat from many sources, which can be internal, external, accidental, or malicious. Joomla is a very popular Content Management System (CMS) used for web page maintenance. This highly versatile software has found itself in both large corporate web portals, and simple web pages such as blogs. Such popularity increases its vulnerability to potential attacks and therefore needs an appropriate security management. ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) created the series of standards aimed at providing a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). This paper shows how principles set in ISO/IEC 27000 series of standards can be used to improve security of Joomla based web portals.

Cryptography and Security

Shafii Muhammad Abdulhamid,Ismaila Idris

DOI: https://doi.org/10.48550/arXiv.1402.1241

2014-02-06

Abstract:Today, Nigerian Universities feel pressured to get a portal up and running dynamic, individualized web systems have become essential for institutions of higher learning. As a result, most of the Nigerian University portals nowadays do not meet up to standard. In this paper, ten Nigerian University portals were selected and their design evaluated in accordance with the international best practices. The result was revealing.

Computers and Society

Neville Palmer

DOI: https://doi.org/10.1109/iccece46942.2019.8941804

2019-08-01

Abstract:Security is an essential aspect of the subject of computer networking in which students must understand the concepts and be confident in configuring security mechanisms on a range of network devices and systems as part of a Defence in Depth approach to IT security. Challenges are faced in assessing practical security exercises in a laboratory environment involving multivariate devices and operating systems that involve real equipment or simulation and real or virtualized environments. The working environment for a practical exercise must be pre-configured and once an exercise is completed the results extracted to enable formative or summative assessment of the outcomes of the exercise. Using manual methods this process can be time consuming and it would therefore be beneficial to implement some form of automation. To facilitate this a new application has been developed that automates the configuration management and assessment processes within a computer networking laboratory. The new application has been successfully used to assess the extent to which students have been able to configure a secure network utilizing a Defence in Depth approach within a case-study based exercise. The development challenges of the application and rationale for the implementation of the prototype application are discussed. A test methodology is presented and the results of applying this to the outcomes of a network security exercise are analysed. This demonstrates that the prototype application is able to assess the configuration of network security, in the context of defined parameters, to a high degree of accuracy. Further work might look at using the system to assess the security of business and industrial network in contrast to educational usage.

Harjinder Singh Lallie,Andrew Thompson,Elzbieta Titis,Paul Stephens

DOI: https://doi.org/10.48550/arXiv.2307.07755

2023-07-15

Cryptography and Security

Abstract:Universities hold and process a vast amount of valuable user and research data. This makes them a prime target for cyber criminals. Additionally, universities and other educational settings, such as schools and college IT systems, have become a prime target for some of their own students -- often motivated by an opportunity to cause damage to networks and websites, and/or improve their grades. This paper provides a focused assessment of the current cyber security threat to universities, colleges, and schools (`the education sector') worldwide, providing chronological sequencing of attacks and highlighting the insider threat posed by students. Fifty-eight attacks were identified, with ransomware being the most common type of external attack, and hacking motivated by personal gain showing as the most common form of internal attack. Students, who have become a significant internal threat by either aiding or carrying out attacks are not a homogeneous group, as students may be motivated by different factors, therefore calling for targeted responses. Furthermore, the education sector is increasingly reliant on third party IT service providers meaning attacks on third parties can impact the university and its users. There is very little research analysing this problem, even less research analysing the problem in the context of schools. Hence this paper provides one of the first known assessment of the cyber attacks against the education sector, focusing on insider threat posed by students and offering recommendations for mitigating wider cyber threats.

Rajasekar Ramalingam,Ramkumar Lakshminarayanan,Shimaz Khan

DOI: https://doi.org/10.48550/arXiv.1605.05580

2016-05-17

Abstract:The gap between the knowledge and the practices regarding the computer and Internet use are the major factors which influence security of Information. A survey was performed on the education institutions in Oman to investigate the level of information security awareness among various entities. The survey focused on the following factors of IT Security: Demographics, Internet usage, Awareness about organizations network Security threats experience, Awareness on Password management, Email security awareness and Knowledge on security practices. The survey attracted 173 respondents: the level of information security awareness and knowledge on security practices were correlated and analyzed. The areas of weakness related to the security implementation, awareness and practice were identified.

Computers and Society,Cryptography and Security

Mahmoud Mohammadi,Bill Chu,Heather Richter Lipford,Emerson Murphy-Hill

DOI: https://doi.org/10.1145/2896921.2896929

2018-04-03

Abstract:Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We present an automatic testing approach to detect a common type of Cross Site Scripting (XSS) vulnerability caused by improper encoding of untrusted data. We automatically extract encoding functions used in a web application to sanitize untrusted inputs and then evaluate their effectiveness by automatically generating XSS attack strings. Our evaluations show that this technique can detect 0-day XSS vulnerabilities that cannot be found by static analysis tools. We will also show that our approach can efficiently cover a common type of XSS vulnerability. This approach can be generalized to test for input validation against other types injections such as command line injection.

Cryptography and Security