Using soft systems methodology and activity theory to exploit security of web applications against heartbleed vulnerability
Loading...
Date
2015
Journal Title
Journal ISSN
Volume Title
Publisher
International Journal of Computing and ICT Research,
Abstract
The number of security incidents exploiting security holes in the web applications is increasing. One of the
recently identified vulnerability in the web applications is the Heartbleed bug. The Heartbleed bug is a
weakness found in OpenSSL, open source cryptographic software. In this study, both quantitative and
qualitative research methodologies were employed. Case study and content/documentary analysis research
methods were used to collect data for probing the web applications which are vulnerable to the bug. Due to
the complexity of the problem, Soft Systems Methodology was adopted for the management of the analysis of
data. The evaluation of security of web applications involved 64 selected websites of higher education
institutions in Africa. SSM was supported by a theory called Activity Theory. The collected data was analysed
using “R statistical computing package”. The study found that 89% of the universities web applications in
Africa were vulnerable to the Heartbleed attack; and 11% of the universities web applications in Africa were
not vulnerable to Heartbleed on the public announcement of the bug. But about two months later after the
public announcement of the bug, 16% of the most universities web applications which were vulnerable were
patched for the Heartbleed bug. The study seeks to contribute in application of Soft Systems Methodology and
Activity Theory in the body of knowledge of information systems security (ISS).
Description
International Journal of Computing and ICT Research, Vol. 8, Issue 2, June 2015
Keywords
Computing Management, Heartbleed bug, Web application, System security, Activity theory, Information systems security (ISS)