A Proposed Method for Vulnerability Discovery of Sudanese Government Websites

Abstract

This study explored the security status and related issues in the Sudanese Government websites. In particular, the vulnerability and security weaknesses in many Sudan government websites were studied and assessed. The Websites are usually vulnerable to attacks of malicious hackers and crackers. Since unpatched exploits in government websites allow unauthorized persons to login to sites and expose data to damage , Penetration testing is a form of stress testing, that provides a way to assess the computer system, and points out any vulnerabilities that can be exploited by hackers, by finding flaws in the security system. It is a vulnerability assurance assessment tool that can be of great help for the system administrators, as it helps them tighten up their system security. In order avoid the hacker's ability to exploit the vulnerability, it is necessary to detect the vulnerability and patch them to protect the site. This research has proposed a methods for vulnerability discovery of Sudanese government websites using penetration testing. The methods Consists of three stages. The first stage for gathering data of website such as domain name and IP address to understand the test target and create acknowledge base to act upon in later stage ,the second stage which tests the website ,involves: vulnerability analysis, vulnerability of websites, their security weaknesses, and vulnerability exploits ,and last stage generates penetration report and analysis risk . The methods was implemented in the three government websites and the result of show that the study websites face high risk vulnerability which endanger the reliability and integrity of these websites and can be prone to hacker attacks.