Analysis of Web Vulnerability Using Open-Source Scanners on Different Types of Small Entrepreneur Web Applications in Malaysia

Authors

  • Alya Geogiana Buja, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UiTM) Melaka Branch, Jasin Campus, 77300 Merlimau, Melaka, Malaysia
  • Nurul Natasha Mohamad Amirul Asri Low, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UiTM) Melaka Branch, Jasin Campus, 77300 Merlimau, Melaka, Malaysia
  • Anwar Farhan Zolkeplay, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UiTM) Melaka Branch, Jasin Campus, 77300 Merlimau, Melaka, Malaysia
  • Nurul Alieyah Azam, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UiTM) Melaka Branch, Jasin Campus, 77300 Merlimau, Melaka, Malaysia
  • Fuad Mat Isa, Operation Team, Tabsquare, Jalan Dua, Chan Sow Lin, 55200 Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, Malaysia

DOI:

https://doi.org/10.37934/araset.40.1.174188

Keywords:

Cyber security, Open-Source scanners, Small entrepreneur, Web vulnerability

Abstract

Most of Malaysia’s small entrepreneurs have switched to online platforms as an alternative to their physical businesses. Social media sites such as TikTok, Instagram, Twitter, and Facebook provide free advertising tools and convenient access to a broader global target audience. However, the security of these websites remains questionable, as users are exposed to web attacks through the vulnerabilities on the websites. Given the cost and a lack of awareness of the importance of cybersecurity, some organizations do not find it profitable to invest in securing their websites. Therefore, this paper aims to test Malaysian small entrepreneurs’ web applications using open-source scanners and analyse the web vulnerabilities detected. To do so, two open-source scanners, OWASP ZAP and IRONWASP, were installed to scan five websites found through advertisements on social media sites. The web vulnerability identification was based on the top 5 OWASP web vulnerability reports, and the results showed that five types of web vulnerabilities were detected. The analysis of the results showed that the top 5 web vulnerabilities in Malaysian small entrepreneurs’ websites are the ‘Missing Session Timeout’ vulnerability with 81.84 percent, the ‘Sensitive Information Passed as Clear Text in GET URL’ vulnerability with 14.74 percent, and the ‘Session ID Cookies not Marked Secure’ vulnerability with 2.47 percent. This paper provides a security analysis of Small Medium Enterprise (SME) websites for future enhancement and for consideration during development and implementation to avoid possible attacks. Developers are therefore advised to handle these vulnerabilities by carefully managing the session timeout, and users are recommended to log out of the websites immediately after they are done.

Author Biographies

Alya Geogiana Buja, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UiTM) Melaka Branch, Jasin Campus, 77300 Merlimau, Melaka, Malaysia

geogiana@uitm.edu.my

Nurul Natasha Mohamad Amirul Asri Low, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UiTM) Melaka Branch, Jasin Campus, 77300 Merlimau, Melaka, Malaysia

amirullowyilin@gmail.com

Anwar Farhan Zolkeplay, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UiTM) Melaka Branch, Jasin Campus, 77300 Merlimau, Melaka, Malaysia

anwarfarhan@uitm.edu.my

Nurul Alieyah Azam, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UiTM) Melaka Branch, Jasin Campus, 77300 Merlimau, Melaka, Malaysia

nurulalieyah20@gmail.com

Fuad Mat Isa, Operation Team, Tabsquare, Jalan Dua, Chan Sow Lin, 55200 Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, Malaysia

fuadisa19@gmail.com

Published

2024-02-19

Section

Articles
