Article Per Year (5 Year)
p-Index From 2021 - 2026
0
P-Index
This Author published in this journals
All Journal International Journal of Electrical and Computer Engineering
Yasir Javid
Prince Sultan University
Computer Science & IT Electrical & Electronics Engineering

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Security assessment framework for educational ERP systems Hafsa Ashraf; Mamdouh Alenezi; Muhammad Nadeem; Yasir Javid
International Journal of Electrical and Computer Engineering (IJECE) Vol 9, No 6: December 2019
Publisher : Institute of Advanced Engineering and Science

Show Abstract | Download Original | Original Source | Check in Google Scholar | Full PDF (1711.057 KB) | DOI: 10.11591/ijece.v9i6.pp5570-5585

Abstract

The educational ERP systems have vulnerabilities at the different layers such as version-specific vulnerabilities, configuration level vulnerabilities and vulnerabilities of the underlying infrastructure. This research has identified security vulnerabilities in an educational ERP system with the help of automated tools; penetration testing tool and public vulnerability repositories (CVE, CCE) at all layers. The identified vulnerabilities are analyzed for any false positives and then clustered with mitigation techniques, available publicly in security vulnerability solution repository like CCE and CWE. These mitigation techniques are mapped over reported vulnerabilities using mapping algorithms. Security vulnerabilities are then prioritized based on the Common Vulnerability Scoring System (CVSS). Finally, open standards-based vulnerability mitigation recommendations are discussed.
Co-Authors Hafsa Ashraf Mamdouh Alenezi Muhammad Nadeem