Abstract:
With internet usage growing in Pakistan, the Government of Pakistan is also using the internet for communication and for delivering e-services to the public. Because websites are one of the easiest ways to communicate over the internet, almost every department of the Pakistani government owns one. Most of these websites collect personally identifiable information of Pakistani citizens in one form or another. Even a minor attack can pose a huge risk to the critical data these websites handle. In addition, a simple defaming attack can seriously damage the trust relationship between government and citizens. It is therefore important to assess the vulnerabilities in government websites regularly, so that the threats posed by their exploitation can be addressed and mitigated in time. In this research, open-source web vulnerability scanning tools are first tested on DVWA. Based on the test results, two scanners are selected for testing Pakistani government websites. A dataset of the vulnerabilities of 60 websites is created and analyzed. Finally, a framework is proposed for countering national website security threats. The framework is based on the guidelines of the NIST Framework for Improving Critical Infrastructure Cybersecurity, NIST Special Publication 800-30 [1], FIPS 199 [2] and NIST Special Publication 800-61 [3].