Abstract: |
Hackers use many ways to gain unauthorized access to systems, especially those based on Internet platforms, either through manual attempts that rely primarily on the hacker's experience, or by using a special tool that is either designed by the hacker himself or programmed by another professional in information security. Through these different ways, hackers try to identify vulnerabilities in software and to access databases in order to violate their confidentiality and exploit them, or to prevent access to the website or destroy its contents. Through his work at Nahda College, the sample of the study, the researcher has noted several attempts to penetrate the electronic examination and electronic registration systems (two subsystems within the main site of the college). Therefore, the researcher has focused on finding out whether vulnerabilities exist in the basic code of the college's website and on accurately identifying the parts affected by these vulnerabilities. To achieve the research objectives, the researcher first searched for vulnerabilities by injecting some code into certain fields within the pages of the site; since the response was positive a number of times, the researcher moved on to using the Acunetix Web Vulnerability Scanner tool, with the website address as the basic entry and the titles of internal links as sub-entries. After analysis of the resulting test report, it was concluded that there are four software vulnerabilities, which differed in severity between weak and medium. They have been accurately identified by identifying the affected parts and determining the seriousness of each of them and its impact on the site. Finally, certain recommendations are given based on the results of the study.
|