Security evaluation of Saudi Arabia´s websites using open source tools

Using e-services in Saudi Arabia is growing. Using such services offers a wide range of benefits and makes people´s life easier. However, the development and the deployment of these e-services on the Internet increase the likelihood of exposure to cyber-attacks. Attackers take advantage of vulnerabilities in these e-services. Vulnerabilities arise as a result of weaknesses in the programming, miss-configuration or lack of updates. It is unfortunate that only little effort is done to evaluate the security posture of Saudi Arabia´s websites. In this paper, 150 Financial, Academic, Governmental and commercial organizations websites were assessed using open source tools. In addition, a comparison between governmental and commercial websites was done based on the numbers of vulnerabilities found. The results show that Saudi Arabia´s websites suffer from high, medium and low impact vulnerabilities. For example; 17.5% of websites are vulnerable to SQL injection, 13.5% are vulnerable to Shell injection, and 61% are vulnerable to Clickjacking. Finally, the evaluation showed that commercial websites are more secure than governmental websites.