Abstract

Vulnerabilities are the loopholes that arise due to poor programming. Web applications are considered to be very vulnerable to attack as compared to desktop programs on sole computers. Keeping this thing in our minds, we decided to find out all the possible vulnerabilities in Saudi Arabian organization’s web servers. To assess these vulnerabilities, we selected number of open source tools and tested about 169 most popular web servers of government, financial and academic organizations and commercial organizations. This problem seemed interesting to us because of two reasons, first, security is a burning issue of the world and it can be minimized by finding out the vulnerabilities. By finding out vulnerabilities, it becomes easy to fix them. Secondly, it is in the interest of Saudi Arabian national goals. This problem was not addressed before for Saudi Arabian organizations web servers, so, that is why it carries high importance. Our solution to this problem is to check each server with two different vulnerabilities assessment tools. The purpose of using two different tools is to avoid false positive and false negative. Our purpose is not to hack these respectable organizations but to assess them with respect to security so that these may not be the victim of future cyber attacks. We will enlist all the vulnerabilities found by the tools with respect to their organizations. The vulnerabilities will be shown anonymously and with the level of severity. These vulnerabilities will be followed by a graph showing the "organization versus vulnerabilities" relationship. A graph on “recommended patches versus vulnerable organization server” is also included for those organizations that are conscious about their organization privacy and confidentiality. Saudi organization may contact us to know about their web server vulnerabilities to fix them in time.

Key words: Saudi Arabia, critical analysis, websites, loopholes, assessment.