Advertisement

Vulnerabilities of Government Websites in a Developing Country – the Case of Burkina Faso

  • Tegawendé F. BissyandéEmail author
  • Jonathan Ouoba
  • Daouda Ahmat
  • Fréderic Ouédraogo
  • Cedric Béré
  • Moustapha Bikienga
  • Abdoulaye Sere
  • Mesmin Dandjinou
  • Oumarou Sié
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 171)

Abstract

Slowly, but consistently, the digital gap between developing and developed countries is being closed. Everyday, there are initiatives towards relying on ICT to simplify the interaction between citizens and their governments in developing countries. E-government is thus becoming a reality: in Burkina Faso, all government bodies are taking part in this movement with web portals dedicated to serving the public. Unfortunately, in this rush to promote government actions within this trend of digitization, little regards is given to the security of such web sites. In many cases, government highly critical web sites are simply produced in a product line fashion using Content Management Systems which the webmasters do not quite master.

We discuss in this study our findings on empirically assessing the security of government websites in Burkina Faso. By systematically scanning these websites for simple and well-known vulnerabilities, we were able to discover issues that deserved urgent attention. As an example, we were able to crawl from temporary backup files in a government web site all information (hostname, login and password in clear) to read and write directly in the database and for impersonating the administrator of the website. We also found that around 50 % of the government websites are built on top of platforms suffering from 14 publicly known vulnerabilities, and thus can be readily attacked by any hacker.

Keywords

e-government Websites Security Vulnerabilities CMS Developing countries 

References

  1. 1.
    Shteiman, B.: How your CMS could be breeding security vulnerabilities (2013). http://www.itproportal.com/2013/10/08/how-your-cms-could-be-breeding-security-vulnerabilities/
  2. 2.
    Bissyandé, T.F., Ouoba, J., Ahmat, D., Sawadogo, A.D., Sawadogo, Z.: Bootstrapping software engineering training in developing countries. In: Nungu, A., Pehrson, B., Sansa-Otim, J. (eds.) AFRICOMM 2014. LNICSSITE, vol. 147, pp. 261–268. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-16886-9_27 Google Scholar
  3. 3.
    Tan, L., Liu, C., Li, Z., Wang, X., Zhou, Y., Zhai, C.: Bug characteristics in open source software. Emp. Softw. Eng. 19(6), 1665–1705 (2014)CrossRefGoogle Scholar
  4. 4.
    Bissyandé, T.F., Réveillère, L., Lawall, J.L., Muller, G.: Diagnosys: automatic generation of a debugging interface to the linux kernel. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineerinh, ASE 2012 (2012)Google Scholar
  5. 5.
    Bissyandé, T.F., Réveillère, L., Lawall, J.L., Muller, G.: Ahead of time static analysis for automatic generation of debugging interfaces to the linux kernel. Autom. Softw. Eng. 23, 1–39 (2014)Google Scholar
  6. 6.
    Bissyandé, T.F., Thung, F., Lo, D., Jiang, L., Réveillere, L.: Popularity, interoperability, and impact of programming languages in 100,000 open source projects. In: Proceedings of the 37th Annual International Computer Software & Applications Conference, COMPSAC 2013, pp. 1–10 (2013)Google Scholar
  7. 7.
    Bissyandé, T.F., Ahmat, D., Ouoba, J., Stam, G., Klein, J., Traon, Y.: Sustainable ICT4D in Africa: where do we go from here? In: Bissyandé, T.F., Stam, G. (eds.) AFRICOMM 2013. LNICSSITE, vol. 135, pp. 95–103. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-08368-1_11 Google Scholar
  8. 8.
    Moen, V., Klingsheim, A.N., Simonsen, K.I.F., Hole, K.J.: Vulnerabilities in e-governments. Int. J. Electron. Secur. Digit. Forensic 1(1), 89–100 (2007)CrossRefGoogle Scholar
  9. 9.
    Wang, J.A., Zhang, F., Xia, M.: Temporal metrics for software vulnerabilities. In: Proceedings of the 4th Annual Workshop on Cyber Security, Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead, CSIIRW 2008, pp. 44:1–44:3. ACM, New York (2008). Observation of strains. Infect Dis Ther. 3(1), 35–43 (2011)Google Scholar
  10. 10.
    Paleari, R., Marrone, D., Bruschi, D., Monga, M.: On race vulnerabilities in web applications. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 126–142. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-70542-0_7 CrossRefGoogle Scholar
  11. 11.
    Shahriar, H., Zulkernine, M.: Mitigating program security vulnerabilities: approaches and challenges. ACM Comput. Surv. 44(3), 11:1–11:46 (2012)CrossRefGoogle Scholar
  12. 12.
    Ciampa, A., Visaggio, C.A., Di Penta, M.: A heuristic-based approach for detecting sql-injection vulnerabilities in web applications. In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, SESS 2010, pp. 43–49. ACM, New York (2010)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2016

Authors and Affiliations

  • Tegawendé F. Bissyandé
    • 1
    • 2
    Email author
  • Jonathan Ouoba
    • 3
  • Daouda Ahmat
    • 4
  • Fréderic Ouédraogo
    • 5
  • Cedric Béré
    • 2
  • Moustapha Bikienga
    • 5
  • Abdoulaye Sere
    • 6
  • Mesmin Dandjinou
    • 6
  • Oumarou Sié
    • 2
  1. 1.SnTUniversity of LuxembourgLuxembourgLuxembourg
  2. 2.Université de OuagadougouOuagadougouBurkina Faso
  3. 3.VTT Technical Research CenterEspooFinland
  4. 4.Université Virtuelle du TchadN’DjamenaChad
  5. 5.Université de KoudougouKoudougouBurkina Faso
  6. 6.Université Polytechnique de Bobo DioulassoBobo-DioulassoBurkina Faso

Personalised recommendations