Web Application Critical Resources Protection

“…These systems comprise stored data, including student and lecturer profile pages, functionalities for the management of files through downloading and uploading various documents, and virtual learning-relevant forum pages. The present research employs a qualitative and descriptive methodology ( Invicti, 2021 ) based on penetration testing techniques ( Al-Shaer, Spring & Christou, 2020 ; Korniyenko et al, 2021 ; The MITRE Corporation, 2021 ; OWASP, 2021b ; Yosifova, 2021 ) to identify essential vulnerabilities in eLMS in Western Balkan HEIs. The primary objective is to discern critical vulnerabilities within eLMSs in HEIs situated in the Western Balkan region.…”

“…The process of penetration testing ( Zakaria et al, 2019 ) involves passive analysis of eLMS for weaknesses, technical flaws, or vulnerabilities. According to MITRE ATT&CK and OWASP ( Al-Shaer, Spring & Christou, 2020 ; Korniyenko et al, 2021 ; Pham & Dang, 2018 ; Zare, Zare & Azadi, 2018 ), the primary purpose of penetration tests is to find more effective attack vectors as well as exploit vulnerabilities.…”

“…In addition, penetration test as a security mechanism are limited to only finding vulnerabilities, not fixing them or proposing specific preventive strategies ( Doyle et al, 2020 ; Korniyenko et al, 2021 ). An overview of penetration test phases from various standards such as NIST, ISAAF, and PTES is shown in Fig.…”

A lightweight framework for cyber risk management in Western Balkan higher education institutions

“…These systems comprise stored data, including student and lecturer profile pages, functionalities for the management of files through downloading and uploading various documents, and virtual learning-relevant forum pages. The present research employs a qualitative and descriptive methodology ( Invicti, 2021 ) based on penetration testing techniques ( Al-Shaer, Spring & Christou, 2020 ; Korniyenko et al, 2021 ; The MITRE Corporation, 2021 ; OWASP, 2021b ; Yosifova, 2021 ) to identify essential vulnerabilities in eLMS in Western Balkan HEIs. The primary objective is to discern critical vulnerabilities within eLMSs in HEIs situated in the Western Balkan region.…”

“…The process of penetration testing ( Zakaria et al, 2019 ) involves passive analysis of eLMS for weaknesses, technical flaws, or vulnerabilities. According to MITRE ATT&CK and OWASP ( Al-Shaer, Spring & Christou, 2020 ; Korniyenko et al, 2021 ; Pham & Dang, 2018 ; Zare, Zare & Azadi, 2018 ), the primary purpose of penetration tests is to find more effective attack vectors as well as exploit vulnerabilities.…”

“…In addition, penetration test as a security mechanism are limited to only finding vulnerabilities, not fixing them or proposing specific preventive strategies ( Doyle et al, 2020 ; Korniyenko et al, 2021 ). An overview of penetration test phases from various standards such as NIST, ISAAF, and PTES is shown in Fig.…”

A lightweight framework for cyber risk management in Western Balkan higher education institutions