Prevalence of Security Risks in e-Governance Applications and its Remediation - A Case Study
Citation
MLA Style: B.S. Kumar, V. Sridhar, K. R. Sudhindra "Prevalence of Security Risks in e-Governance Applications and its Remediation - A Case Study" International Journal of Engineering Trends and Technology 67.2 (2019): 12-17.
APA Style: B.S. Kumar, V. Sridhar, K. R. Sudhindra (2019). Prevalence of Security Risks in e-Governance Applications and its Remediation - A Case Study. International Journal of Engineering Trends and Technology, 67(2), 12-17.
Abstract
Over the last few years, e-Governance in India has made rapid progress and adopted global best practices in terms of citizen-centricity, reach, connectivity, efficiency, transparency, accountability and availability. Accordingly, as e-Governance software is becoming increasingly critical, complex, and connected, the difficulty of achieving application security has increased exponentially. The security threat landscape for applications constantly changes and new types of vulnerabilities keep manifesting. In today’s race to build complex and cutting-edge e-Governance business solutions, web applications are being developed and deployed with minimum attention to security threats. Proven threat design techniques and known patterns are invariably being used by attackers to exploit the commonly found security loopholes in web applications. Government can no longer afford to tolerate relatively simple and widespread security issues which could hinder delivery of services and impact the confidentiality, integrity and availability of information. In this context, an attempt is made to pool together application security issues in e-Governance applications to gain a better understanding of the application vulnerability landscape and its prevalence. Based on analysis, this paper outlines the vulnerability distribution pattern generally found in e-Government applications and determines the prevalence and probability of different security issues. A recommended remediation process and security controls to mitigate prevalent security issues are also discussed.
Keywords
e-Governance application security, prevalent security issues, defect density, injection attack, security misconfiguration, sensitive data exposure