Evaluation of Most Visited E-Commerce Web Sites in Turkey in Aspects of Structure and Security

Abstract

Applications on World Wide Web have made our daily lives easier with their basic and fast access, neglecting time and place, they have become indispensable. It made Web applications a popular target for malevolent users and increased web security risk. In this study web penetration test which is indispensable for web security and threating risks for web security are mentioned. In Turkey, 12 of the most visited e-commerce sites were scanned as an ordinary user to consider a safety assessment of the general situation of the websites. The knowledge about these sites such as used technologies and infrastructure which considers as vulnerability of sites and can be obtained by the ordinal person who uses penetration tests has been investigated in this study

Keywords

• penetration tests,web security,weakness analysis

References

1. G. Canbek, Ş. Sağıroğlu, “Bilgi, Bilgi Güvenliği ve Süreçleri Üzerine Bir İnceleme,” Politeknik Dergisi Vol 9(3):165-174, 2006.
2. S. Boşal, “Kamuda Bilgi Güvenliği Ve Iller Bankasi A.Ş. Örneği”, Uzmanlık Tezi, İller Bankasi Anonim Şirketi Ankara, 2017.
3. P.H.A. Fung, “Mitigations of Web Application Security Risks,” Ph.D. dissertation, Information Engineering The Chinese University, Hong Kong, 2014.
4. N. Khochare, S. Chalurkar, B.B. Meshram, “Web Application Vulnerabilities Detection Techniques Survey,” IJCSNS International Journal of Computer Science and Network Security, Vol.13(6)6:71-77, 2013.
5. Ç. Polat, “Penetration tests and security solutions for corporate networks”, Master of Science Thesis, Dokuz Eylül University İzmir, 1-182, 2016.
6. D. Stiawan, M.Y. Idris, A.H. Abdullah, F. Aljaber, R. Budiarto, “Cyber-Attack Penetration Test and Vulnerability Analysis”, International Journal of Online Engineering, Vol 13, No 1: 125-132, 2017.
7. S. Sandhya, S. Purkayastha, E. Joshua, A. Dee, “Assessment of Website Security by Penetration Testing Using Wireshark”, International Conference on Advanced Computing and Communication Systems, Coimbatore, INDIA, 2017.
8. S. Nixon, Y. Haile, “Analyzing Vulnerabilities on WLAN Security Protocols and Enhance its Security by using Pseudo Random MAC Address”, International Journal of Emerging Trends & Technology in Computer Science (IJETTCS’2017), 2017.

9. J.H. Bullée, L. Montoya, W. Pieters, M. Junger, P. Hartel, “On the anatomy of social engineering attacks—A literature-based dissection of successful attacks“, Journal of Investigative Psychology and Offender Profiling, Volume 15, Issue 1, 20–45, 2017.
10. Y. Wu, G. Feng, R.Y.K. Fung, “Comparison of information security decisions under different security and business environments, Journal of the Operational Research Society, 2018.
11. P. Čisar, S.M. Maravi, I. Fürstner, “Security Assessment with Kali Linux”, Bánki Közlemények1(1) 49 – 52, 2018.
12. A. Stasinopoulos, C. Ntantogian, C. Xenakis, “Commix: automating evaluation and exploitation of command injection vulnerabilities in Web applications”, International Journal of Information Security, 2018. https://doi.org/10.1007/s10207-018-0399-z
13. G. Muharremoğlu, “Kurumsal Bilgi Güvenliğinde Zafiyet, Saldırı ve Savunma Öğelerinin İncelenmesi,” M.S. Thesis, Fen Bilimleri Enstitüsü İstanbul Üniversitesi, İstanbul, 2013
14. H. Yaşar, “Kurumsal Siber Güvenliğe Yönelik Tehditler ve Mücadele Yöntemleri: Eylem Planı Örneği,” M.S. Thesis, Bilişim Enstitüsü Gazi Üniversitesi, Ankara, 2014.
15. Y. Vural, ”Kurumsal Bilgi Güvenliği ve Sızma (Penetrasyon) Testleri,” M.S. Thesis, Fen Bilimler Enstitüsü Gazi Üniversitesi, Ankara, 2007.