!Учебный год 2024 / Цифровое право / tom-5

ЦИФРОВЫЕ ТЕХНОЛОГИИ И ПРАВО

Сборник научных трудов

II Международной научно-практической конференции

22 сентября 2023 г. г. Казань

В шести томах Том 5

Казань ■ ■ 2023

DIGITAL TECHNOLOGIES AND LAW

S. M. Díaz,

student,

University of Sancti Spíritus «José Martí Pérez»

WEB SCANNER:AVULNERABILITY DETECTION TOOL

TO SCANAWEBSITE GIVEN ITS URL

Abstract. Information constitutes a very important asset for people or organizations, therefore, protecting it has become a priority for everyone, unfortunately there is not a unique formula that grantees a complete and total protection to the information. With that in mind, it becomes necessary the use of a software that provides help and facilitates work for the cybersecurity specialists so they can provide the best possible protection of data. Objective: Develop a system that can scan a given URL link of a website, and provide all the necessary information about the site. Methods: From a scientific point of view, the scientific observation, document analysis, survey and interview are considered as methods, giving place to a susceptible proposal to the scientific verification and validation. Results: The implementation of a website that contains a vulnerability detection system (web scanner), which can scan a website given its URL. Conclusions: the implementation of the said system for the security of the information in the University of Sancti Spíritus «José Martí Pérez» (UNISS) is valued as a positive support for the security against phishing attacks, in a single repository.

Keywords: cybersecurity, information, malware, phishing attacks, social engineering, tool, vulnerability analysis, web scanner

ВЕБ-СКАНЕР: СРЕДСТВО ОБНАРУЖЕНИЯ УЯЗВИМОСТЕЙ ДЛЯ СКАНИРОВАНИЯ ВЕБ-САЙТА ПО ЕГО URL-АДРЕСУ

Аннотация. Информация представляет собой очень важный актив для людей или организаций, поэтому ее защита стала приоритетной задачей для всех, но, к сожалению, не существует уникальной формулы, обеспечивающей полную и абсолютную защиту информации. В связи с этим возникает необходимость в использовании программного обеспечения, которое помогает и облегчает работу специалистов по кибербезопасности, чтобы они могли обеспечить наилучшую защиту данных. Целью исследования стала разработка системы, способной сканировать заданную URL-ссылку сайта и предоставлять всю необходимую информацию о нем. С научной точки зрения в качестве методов рассматриваются научное наблюдение, анализ документов, анкетирование и интервьюирование, уступающие место восприимчивому предложению, подлежащему научной проверке и обоснованию. В результате был создан веб-сайт, содержащий систему

6

Digital technologies and law

обнаружения уязвимостей (веб-сканер), которая может сканировать веб-сайт по его ­URL-адресу. Внедрение указанной системы для защиты информации в Университете Санкти-Спиритус «Хосе Марти Перес» оценивается как эффективная поддержка защиты от фишинговых атак в едином хранилище.

Ключевые слова: кибербезопасность, информация, вредоносное ПО, фишинговые атаки, социальная инженерия, инструмент, анализ уязвимостей, веб-сканер

Introduction. Cybersecurity is one of the leading niches of information technology. It refers to the tools, frameworks, techniques, and practices implemented to ensure the security of computing, information, and other systems and their users.

Cybersecurity covers the broad range of technical, organizational and governance issues that must be considered to protect networked information systems against accidental and deliberate threats. It goes well beyond the details of encryption, firewalls, anti-virus software, and similar technical security tools. This breadth is captured in the widely used International Telecommunication Union (ITU) definition [7].

The importance of cybersecurity has increased as so many government, business, and day-to-day activities around the world have moved online. But especially in emerging economies, “[m]any organizations digitizing their activities lack organizational, technological, human resources and other fundamental ingredients needed to secure their system, which is the key for the long-term success [2, 7].

With the dawn of the World Wide Web, installing antivirus software was necessary to protect your computer from attacks. Even though destructive assaults back then were not as well known, as they are today, the history of cyber security threats has kept pace with the advancement in information technology.

Since computers were connected to the internet and began exchanging messages, cybercrime has substantially changed. Even if the amount of risk is substantially higher now than it was back then, computer users have been understandably concerned about these threats for a long time.

Despite the fact that the Internet has positively affected people’s lives, there are negative issues emerged related to the use of Internet. Cases like cyber-bully; online fraud, racial abuse, pornography and gambling had increased tremendously due to the lack of awareness and self-mechanism among Internet users to protect themselves from being victims to these acts. However, past research revealed that the level of awareness among Internet users is still low or moderate. One of the vital measures to be taken is to cultivate knowledge and awareness among Internet users from their early age, i.e., young children. Young children specifically, need to be educated to operate in a safe manner in cyberspace and to protect themselves in the process [6].

Cybercrime against children and adolescents is certainly a concern for parents, as they sometimes do not realize their child is a victim of cybercrime. Many parents are unaware of the activities their children perform in cyberspace. Some children are bullied through comments and insults; they may also be intimidated, harassed, abused or sexually exploited [6].

7

Digital technologies and law

Cyber risks could change as technology develops. Cybercriminals are always developing new ways to access systems and steal data.

Therefore, an educated workforce is essential to building trustworthy systems.Yet, issues about what should be taught and how are being ignored by many of the university faculty who teach cybersecurity courses a problematic situation [2].

Unfortunately, cybercriminals or “Hackers” are always one-step ahead of cybersecurity specialists in the sense that they are always developing ways to surpass the obstacles developed by the cybersecurity specialists, and always developing new tools to violate the information security policies and measures.

The word «hacker» conjures the image of someone with ill intent toward individuals, websites, and company information systems. The prevailing theory is they look for ways to mine company data and destroy or change customer information. Those types of «bad guys» certainly exist – the cybersecurity industry calls them Black Hats, but in reality, they are not the only hackers lurking in cyberspace.

Over time, cybersecurity specialists came up with a way to become one-step above the hackers called “Ethical Hacking”, which is hacking ethically to learn the vulnerabilities of a system.

There is a technique in ethical hacking called “Thinking like a hacker”, which means to be able to learn how to defend a system first one needs to learn how to attack it, the best practice to achieve the best possible security is by thinking as a hacker and asking the question “What would the hacker do?”.

Hackers can be sorted in varies categories, the most popular ones are “Black Hat Hackers” and “White Hat Hackers”:

Black Hat hackers are criminals who break into computer networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.

White hat hackers or ethical hackers is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks. However, unlike black hat hackers white hat hackers respect the rule of law as it applies to hacking.

With the rapidly increasing prominence of information technology in recent decades, various types of security incidents, such as unauthorized access, distribution denial of service (DDoS), malware attack, zero-day attacks, data breaches, social engineering or phishing, etc., have increased at an exponential rate in the last decade [1].

Social engineering attacks aim at tricking individuals or enterprises into accomplishing actions that benefit attackers or providing them with sensitive data such as social security number, health records, and passwords.

Social engineering attacks are multifaceted and include physical, social and technical aspects, which are used in different stages of the actual attack [3].

Physical approaches:

As the name implies, physical approaches are those where the attacker performs some form of physical action in order to gather information on a future victim. This can range from personal information (such as social security number, date of birth) to valid credentials for a computer system [4].

8

Digital technologies and law

Social approaches:

The most important aspect of successful social engineering attacks are social approaches. Hereby attackers rely on socio-psychological techniques such as Cialdini’s principles of persuasion to manipulate their victims [4].

Technical approaches:

Technical attacks are mainly carried out over the Internet. Granger notes that the Internet is especially interesting for social engineers to harvest passwords, as users often use the same (simple) passwords for different accounts [5].

Social engineering is one of the biggest challenges facing network security because it exploits the natural human tendency to trust [3].

Although social engineering is a technique, it contains a very big amount of attacks in its categories and one of the most famous and used attacks in these categories are the phishing attacks, which is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware, or direct them to a dodgy website.

Itisthoughtthatthefirstphishingattackshappenedinthemid-1990s,whenagroup of hackers posed as employees of AOL (America Online) and used instant messaging and email to steal users’passwords and hijack their accounts.

The focus of this paper is directed to the utility that the web scanner will provide the users and cybersecurity specialists of the University of Sancti Spíritus “José Martí Pérez” and how can they avoid being victims of a phishing attack. Since this tool will, show all the information related to a web site or a URL.

Theatrical framework

The advancements in digital communication technology have made communication between humans more accessible and instant. However, personal and sensitive information may be available online through social networks and online services that lack the security measures to protect this information. Communication systems are vulnerable and can easily be penetrated by malicious users [2].The last few years has seen a rise in the frequency with which people have conducted meaningful transactions online; from making simple purchases to paying bills to banking, and even to getting a mortgage or car loan or paying their taxes. This rise in online transactions has unfortunately been accompanied by a rise in attacks [4, 8].

In this paper will be treating a computer software under development called a web scanner, which as the name indicates it scans a website given its URL.This project started with a thesis on cybersecurity management in the University of Sancti Spíritus “José Martí Pérez” for the department of cyber and information security.

Importance of the web scanner

Every organization, institution, University, company…etc. has a cybersecurity department that keeps all the information whether its personal or work related safe and protected, that being said the cybersecurity specialists need tools and software to facilitates the work.

The University of Sancti Spíritus “José Martí Pérez” is not the exception, in the university there is a cybersecurity department in need of a software that can make the control and monetarization easier.

9

Digital technologies and law

In said university, most of the attacks they suffer from are categorized as social engineering, specifically phishing attacks to the members of all the faculties, students, teachers and employees.

That being said a software like the web scanner proposed in this paper is a very helpful tool for the department and for the members of the university, that way whenever there is a suspicious email sent to any member that contains an URL can be scanned to know what that URL hides. Which makes the web scanner a very important addition to the department, that way they can limit all the phishing attacks in the university.

Methods. The methodology used allowed obtaining a flexible proposal as an alternative solution, susceptible to scientific verification; for this paper were used the following scientific research methods:

From a theoretical point of view:

Historical-logical analysis that allowed the study of the ways in which the standards and norms of cybersecurity have evolved.

Analytical-synthetic analysis, which made it possible to study the main cybersecurity systems, as well as vulnerability detection ways and systems.

From an empirical point of view:

Observation, which guided the study of the state of the art, allowing a systemic, selective and objective analysis of the main systems that can currently carry out vulnerability detection systems.

Unstructured interview, which was applied with the intention of obtaining information regarding vulnerability detection, processes, as well as expert criteria on the subject matter.

Results. The processing of the results obtained with the application of the methods described, allowed to identify the methodologies and tools to develop the system for the vulnerability detection system (Web Scanner) of cybersecurity of the University of Sancti Spíritus «José Martí Pérez», which are presented next.

For the development of the web scanner, the following technologies were chosen: Python: Python is a programming language widely used in web applications, software development, data science, and machine learning (ML). One of the reasons that Python programming language was chosen because it contains many libraries for cyber-

security development.

Linux OS: Linux is a Unix-like, open source and community-developed operating system (OS) for computers, servers, mainframes, mobile devices and embedded devices. It is supported on almost every major computer platform, including x86, ARM and SPARC, making it one of the most widely supported operating systems.

The system works based on a given URL and once it has provided it can scan it showing the following results:

IP address: An IP is an internet protocol address. Essentially, it is a numeric value assigned to a network device, and it is used for the identification and location of a network device. IP addresses are assigned to every type of network device.

An IP address consists of a series of four numbers (each between 0 and 255) separated by periods. For example, an IP address might look like this: 192.168.0.1.

10