Whereas the world relies on computer systems for providing public services, there is a lack of academic work that systematically assess the security of government systems. To partially fill this gap, we conducted a security evaluation of publicly available systems from public institutions. We revisited OWASP top-10 and identified multiple vulnerabilities in deployed services by scanning public government networks. Overall, the unprotected services found have inadequate security level, which must be properly discussed and addressed.
翻译:虽然世界依靠计算机系统提供公共服务,但缺乏系统评估政府系统安全的学术工作,为部分填补这一空白,我们对公共机构的公开系统进行了安全评估,重新审视了OWASP前10名,并通过扫描公共政府网络查明了已部署服务的多重弱点,总体而言,发现未受保护的服务不够安全,必须适当讨论和处理。