Web application vulnerability assessment and policy direction towards a secure smart government

Government Information Quarterly

Volumn 31, Issue S1, 2014, Pages S118-S125

  Awoleye, Olusesan M ^a   Ojuloge, Blessing ^a   Ilori, Mathew O ^a  

^a OBAFEMI AWOLOWO UNIVERSITY   (Nigeria)

Author keywords

Cookie manipulation; Cross site injection; E government; Policy; Smart government; SQL injection; Web vulnerability

Indexed keywords

EID: 84908320286     PISSN: 0740624X     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.giq.2014.01.012     Document Type: Article

References (67)

1. Ajayi G.O. E-government in Nigeria's e-strategy. The Fifth Annual African Computing and Telecommunications Summit, Abuja, Nigeria 2003.
2. Akunyili D. ICT and e-government in Nigeria: Opportunities and challenges. World Congress on Information Technology, Amsterdam, The Netherlands, 25th-27th May 2010, 2013 2010, (available on http://goafrit.wordpress.com/2010/06/12/ict-and-e-government-in-nigeria-prof-akunyili/Accessed on 7th December).
3. Almgren M., Debar H., Dacier M. A lightweight tool for detecting web server attacks. Network and Distributed System Security Symposium (NDSS 2000) 2000, 157-170.
4. Anley C. Advanced SQL injection in sql server applications Available on, (accessed on 16th November, 2012). http://www.ngssoftware.com/papers/advanced_sql_injection.pdf.
5. Anthopoulos L.G., Siozos P.T., Soukalas I.A. Applying participatory design and collaboration in digital public services for discovering and re-designing e-government services. Government Information Quarterly 2007, 24:353-376.
6. Awoleye O.M., Ojuloge B., Siyanbola W.O. Technological assessment of e-government web presence in Nigeria. The 6th International Conference on Theory and Practice of Electronic Governance, Albany, NY, USA, 22-25 October 2012.
7. Awoleye O.M., Okogun O.A., Siyanbola W.O. Technological assessment of banking innovation in Nigeria. African Journal Accounting, Auditing and Finance 2013, 2(2):157-174.
8. Awoleye O.M., Oluwaranti A.I., Siyanbola W.O., Adagunodo E.R. Assessment of e-governance resource use in southwestern Nigeria. ACM International Conference Proceeding Series 2008, 154-159.
9. Backus M. E-governance and developing countries: Introduction and examples. Report No 3, April 2001 2001, (Available on http://www.ftpiicd.org/files/research/reports/report3.pdf accessed 12th April, 2013).
10. Balduzzi M., Gimenez C.T., Balzarotti D., Kirda E. Automated discovery of parameter pollution vulnerabilities in web applications. NDSS 2011, 18th Annual Network and Distributed System Security Symposium, 6-9 February 2011, San Diego, CA, USA 2010.
11. Bandhakavi S., Bisht P., Madhusudan P., Venkatakrishnan V.N. CANDID: Preventing SQL injection attacks using dynamic candidate evaluations 2010, WWW 2010, April 26-30, 2010, Raleigh, North Carolina, USA, ACM978-1-60558-799-8/10/04 Available on http://cs.uiuc.edu/~madhu/ccs07.pdf.
12. Barrantes E., Ackley D., Forrest S., Palmer T., Stefanovic D., Zovi D. Randomized instruction set emulation to disrupt binary code injection attacks. Proceedings of the 10th ACM conference on computer and communications security 2003, October, 281-289.
13. Bates D., Barth A., Jackson C. Regular expression considered harmful in client-side XSS filters. WWW 2010, April 26-30, 2010, Raleigh, North Carolina, USA 2010, (ACM 978-1-60558-799-8/10/04. Available on http://www.collinjackson.com/research/xssauditor.pdf).
14. Cenzic Web Application Security Trends Report Q1-Q2, 2009 Available on, (accessed 25th April, 2013). http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf.
15. CERT Advisory CA-2000-02: Malicious HTML tags embedded in client web requests Available on, (accessed 13th April, 2013). http://www.cert.org/advisories/CA-2000-02.html.
16. Chan C.M.L., Lau Y., Pan S.L. E-government implementation: A macro analysis of Singapore's e-government initiatives. Government Information Quarterly 2008, 25(2008):239-255.
17. Chen H. Digital government: Technologies and practices. Decision Support Systems 2002, 34(3):223-227.
18. Chen Y., Gant J. Transforming local e-government services: The use of application service providers. Government Information Quarterly 2001, 18:343-355.
19. Chien E. Malicious Yahooligans Available on, (accessed 16th November, 2012). http://www.symantec.com/avcenter/reference/malicious.yahooligans.pdf.
20. Christey S., Martin R.A. Vulnerability type distributions in CVE Available on, (accessed 16th November, 2012). http://cve.mitre.org/docs/vuln-trends/vuln-trends.pdf.
21. Cook S. A web developer's guide to cross scripting Available on, (accessed on 12th April, 2013). http://www.sans.org/reading_room/whitepapers/securecode/web-developers-guide-cross-site-scripting_988.
22. CWE-SANS Top 25 most dangerous programming errors (Accessed May 05, 2013). http://www.applicure.com/blog/cwe-sans-top-25-dangerous-programming-errors.
23. Ebrahim, Irani E-government adoption: Architecture and barriers. Business Process Management Journal 2005, 11(5):589-611.
24. Endler D. The evolution of cross site scripting attacks. Technical report 2002, iDEFENSE Labs, (Available on http://www.cgisecurity.com/lib/XSS.pdf accessed 12th April, 2013).
25. Erlingsson U., Livshits B., Xie Y. End-to-end web application security. Microsoft Research 2009, (Available on http://static.usenix.org/event/hotos07/tech/full_papers/erlingsson/erlingsson.pdf).
26. Fatile J.O. Electronic governance: Myth or opportunity for Nigerian public administration?. International Journal of Academic Research in Business and Social Sciences 2012, 2(9). (available on http://www.hrmars.com/admin/pics/1104.pdf accessed 4th December, 2013).
27. Gil-García J.R., Martinez-Moyano I.J. Exploring e-government evolution: The influence of systems of rules on organizational action. NCDG Working Paper No. 05-001 2005.
28. Gundy M.V., Chen H. Noncespaces: Using randomization to defeat cross-site scripting attacks. Computers and Security 2012, 31(2012):612-628.
29. Halfond W.G.J., Orso A. AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks. 20th IEEE/ACM International Conference on Automated Software Engineering, CA, USA 2005, 174-183.
30. Halfond W.G.J., Viegas J., Orso A. A classification of sql injection attacks and counter measures 2006, College of Computing Georgia Institute of Technology, (Available on http://www.cc.gatech.edu/~orso/papers/halfond.viegas.orso.ISSSE06.pdf).
31. Halkidis S.T., Chtzigeorgiou A., Stephanides G. A practical evaluation of security patterns Available on, (retrieved 12th April, 2013). http://users.uom.gr/~achat/papers/AIDC2006.pdf.
32. Hee-joon S. Analysis on the improved effects of administrative transparency of the e-government. Administrative Treaties 2002, 40(4):109-134.
33. Hee-joon S. Prospects and limitations of the e-government initiative in Korea. International Review of Public Administration 2002, 7(2):45-53.
34. Higgins K.J. Cross site scripting: Attackers' new favourite flaw Available on. http://www.darkreading.com/security/application-security/208804050/cross-sitescripting-attackers-new-favorite-flaw.html.
35. Howard M., LeBlanc D. Writing secure code 2003, Microsoft Press, Redmond, WA. 2nd ed.
36. Hsieh M.-D., Wang T.-P., Tsai C.-S., Tseng C.-C. Stateful session handoff for mobile WWW. Information Sciences 2006, 176:1241-1265.
37. Huang Y.W., Huang S.K., Lin T.P. Web application security assessment by fault injection and behaviour monitoring. WWW2003, May 20-24, 2003, Budapest, Hungary 2003, (ACM 1-58113-680-3/03/0005. Available on http://www2003.org/cdrom/papers/refereed/p081/FINAL_WAVES_WWW2003.htm).
38. Ifinedo P. Measuring Africa's e-readiness in the global networked economy: A nine-country data analysis. The International Journal of Education and Development using Information and Communication Technology 2005, 1(1):53-71.
39. Ifenedo P. Towards e-government in a sub-Saharan African country: Impediments and initiatives in Nigeria Available on, (Accessed on 7th December, 2013). http://www.researchgate.net/publication/232981268_Towards_E-Government_in_a_Sub-Saharan_African_Country/file/72e7e52616c2281cdd.pdf.
40. infoDev/World Bank E-government primer, Washington DC Available at, (accessed 20th April, 2013). http://www.infodev.org/publications.
41. Kc G.S., Keromytis A.D., Prevelakis V. Countering code-injection attacks with instruction-set randomization. Proceedings of the 10th ACM conference on computer and communications security 2003, October, 272-280. ACM Press.
42. Kim S., Jeong S.K., Lee H. An institutional analysis of an e-government system for anti-corruption: The case of OPEN. Government Information Quarterly 2009, 26:42-50.
43. Kirda E., Jovanovic N., Kruegel C., Vigna G. Client-side cross-site scripting protection. Computer and Security 2009, 28(7):592-604.
44. Layne K., Lee J. Developing fully functional e-government: A four stage model. Government Information Quarterly 2001, 18(2001):122-136.
45. Lee I., Jeong S., Yeo S., Moon J. A novel method for SQL injection attack detection based on removing SQL query attribute values. Mathematical and Computer Modeling 2011, 55(1-2):58-68.
46. Malerba F., Nelson R., Orsenigo L., Winter S. History friendly models of industry-evolution: The computer industry. Industrial and Corporate Change 1999, 8(1):3-41.
47. Martinez-Romo J., Araujo L. Updating broken web links: An automatic recommendation system information processing and management 2012, 48(2012):183-203.
48. Metcalfe J.S. Evolutionary Economics & Technology Policy. The Economic Journal 1994, 104(425):931-944.
49. Mitropoulos D., Spinellis D. SDriver: Location-specific signatures prevent SQL injection attacks. Computer and Security 2009, 28(3-4):121-129.
50. Moen V., Klingsheim A.N., Simonsen K.I.F., Hole K.J. Vulnerabilities in e-governments. Proc. 2nd International Conference on Global E-Security (ICGeS-06), London, England, April 20-22 2006, 2006.
51. Moen V., Klingsheim A.N., Simonsen K.I., Hole K.J. Vulnerabilities in e-governments. International Journal of Electronic Security and Digital Forensics 2007, 1(1):89-100.
52. Mohammed S., Abubakar M.K., Bashir A. E-government in Nigeria: A catalyst for national development. International conference on development studies 2010, University of Abuja, F.C.T., Nigeria, (Available on http://www.abu.edu.ng/publications/2009-06-23-113825_373.doc accessed on 4th December, 2013).
53. Moon M.J. The evolution of e-government among municipalities: Rhetoric or reality?. Public Administration Review 2002, 62(4):424-433.
54. Nelson R., Winter S. An evolutionary theory of economic change 1982, Belknap Press, Cambridge.
55. OWASP The ten most critical web application security vulnerabilities 2004, Open Web Application Security Project, (Available on http://umn.dl.sourceforge.net/sourceforge/owasp/OWASPTopTen2004.pdf).
56. OWASP, Open Web Application Security Project The ten most critical web application security vulnerabilities Available on. http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf.
57. Pauli J.J., Engebretson P.H., Ham J., Zautke M.J. CookieMonster: Automated session hijacking archival and analysis. Eighth International Conference on Information Technology: New generations 2011, 403-407.
58. Rokhman A. E-government adoption in developing countries; the case of Indonesia. Journal of Emerging Trends in Computing and Information Sciences 2011, 2(5):228-236.
59. Sang-ho Y. Study on the development and application of e-government maturity assessment model. Korea Policy Academy Society News 2002, 11(4):243-271.
60. SANS Institute Top cyber security risks Available on. http://www.sans.org/top-cyber-security-risks/summary.php.
61. Schelin S.H. E-government: An overview. Public information technology: Policy and management issues 2003, 120-137. Idea Group Publishing, Hershey, PA. G.D. Garson (Ed.).
62. Wang Y. The adoption of electronic tax filing systems: An empirical study. Government Information Quarterly 2002, 20:333-352.
63. Wangpipatwong S., Chutimaskul W., Papasratorn B. Factors influencing the adoption of Thai e-government websites: Information quality and system quality approach. Proceedings of the Fourth International Conference on eBusiness, Bangkok, Thailand 2005.
64. Whitson T.L., Davis L. Best practices in electronic government: Comprehensive electronic information dissemination for science and technology. Government Information Quarterly 2001, 18(2001):79-91.
65. Xie Y., Aiken A. Static detection of security vulnerability in scripting languages. 15th USENIX Security Symposium, 2006 2006, (Available on http://theory.stanford.edu/~aiken/publications/papers/usenix06.pdf).
66. Yves Y., Wouter J., Frank P. A methodology for designing counter measures against current and future code injection attacks. Proceedings of the third IEEE international information assurance workshop 2005, IEEE Press, College Park, Maryland, USA.
67. Zhao J.J., Zhao S.Y. Opportunities and threats: A security assessment of state e-government websites. Government Information Quarterly 2010, 27:49-56.