Abstract
Slowly, but consistently, the digital gap between developing and developed countries is being closed. Everyday, there are initiatives towards relying on ICT to simplify the interaction between citizens and their governments in developing countries. E-government is thus becoming a reality: in Burkina Faso, all government bodies are taking part in this movement with web portals dedicated to serving the public. Unfortunately, in this rush to promote government actions within this trend of digitization, little regards is given to the security of such web sites. In many cases, government highly critical web sites are simply produced in a product line fashion using Content Management Systems which the webmasters do not quite master.
We discuss in this study our findings on empirically assessing the security of government websites in Burkina Faso. By systematically scanning these websites for simple and well-known vulnerabilities, we were able to discover issues that deserved urgent attention. As an example, we were able to crawl from temporary backup files in a government web site all information (hostname, login and password in clear) to read and write directly in the database and for impersonating the administrator of the website. We also found that around 50 % of the government websites are built on top of platforms suffering from 14 publicly known vulnerabilities, and thus can be readily attacked by any hacker.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Shteiman, B.: How your CMS could be breeding security vulnerabilities (2013). http://www.itproportal.com/2013/10/08/how-your-cms-could-be-breeding-security-vulnerabilities/
Bissyandé, T.F., Ouoba, J., Ahmat, D., Sawadogo, A.D., Sawadogo, Z.: Bootstrapping software engineering training in developing countries. In: Nungu, A., Pehrson, B., Sansa-Otim, J. (eds.) AFRICOMM 2014. LNICSSITE, vol. 147, pp. 261–268. Springer, Heidelberg (2015). doi:10.1007/978-3-319-16886-9_27
Tan, L., Liu, C., Li, Z., Wang, X., Zhou, Y., Zhai, C.: Bug characteristics in open source software. Emp. Softw. Eng. 19(6), 1665–1705 (2014)
Bissyandé, T.F., Réveillère, L., Lawall, J.L., Muller, G.: Diagnosys: automatic generation of a debugging interface to the linux kernel. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineerinh, ASE 2012 (2012)
Bissyandé, T.F., Réveillère, L., Lawall, J.L., Muller, G.: Ahead of time static analysis for automatic generation of debugging interfaces to the linux kernel. Autom. Softw. Eng. 23, 1–39 (2014)
Bissyandé, T.F., Thung, F., Lo, D., Jiang, L., Réveillere, L.: Popularity, interoperability, and impact of programming languages in 100,000 open source projects. In: Proceedings of the 37th Annual International Computer Software & Applications Conference, COMPSAC 2013, pp. 1–10 (2013)
Bissyandé, T.F., Ahmat, D., Ouoba, J., Stam, G., Klein, J., Traon, Y.: Sustainable ICT4D in Africa: where do we go from here? In: Bissyandé, T.F., Stam, G. (eds.) AFRICOMM 2013. LNICSSITE, vol. 135, pp. 95–103. Springer, Heidelberg (2014). doi:10.1007/978-3-319-08368-1_11
Moen, V., Klingsheim, A.N., Simonsen, K.I.F., Hole, K.J.: Vulnerabilities in e-governments. Int. J. Electron. Secur. Digit. Forensic 1(1), 89–100 (2007)
Wang, J.A., Zhang, F., Xia, M.: Temporal metrics for software vulnerabilities. In: Proceedings of the 4th Annual Workshop on Cyber Security, Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead, CSIIRW 2008, pp. 44:1–44:3. ACM, New York (2008). Observation of strains. Infect Dis Ther. 3(1), 35–43 (2011)
Paleari, R., Marrone, D., Bruschi, D., Monga, M.: On race vulnerabilities in web applications. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 126–142. Springer, Heidelberg (2008). doi:10.1007/978-3-540-70542-0_7
Shahriar, H., Zulkernine, M.: Mitigating program security vulnerabilities: approaches and challenges. ACM Comput. Surv. 44(3), 11:1–11:46 (2012)
Ciampa, A., Visaggio, C.A., Di Penta, M.: A heuristic-based approach for detecting sql-injection vulnerabilities in web applications. In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, SESS 2010, pp. 43–49. ACM, New York (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Bissyandé, T.F. et al. (2016). Vulnerabilities of Government Websites in a Developing Country – the Case of Burkina Faso. In: Glitho, R., Zennaro, M., Belqasmi, F., Agueh, M. (eds) e-Infrastructure and e-Services. AFRICOMM 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 171. Springer, Cham. https://doi.org/10.1007/978-3-319-43696-8_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-43696-8_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-43695-1
Online ISBN: 978-3-319-43696-8
eBook Packages: Computer ScienceComputer Science (R0)