Proceedings of the 4 th International Conference on Computing and Informatics, ICOCI 2013 28-30 August, 2013 Sarawak, Malaysia. Universiti Utara Malaysia (http://www.uum.edu.my ) Paper No. 048 286 PENETRATION TESTING FOR LIBYAN GOVERNMENT WEBSITE Rabia Ihmouda Hassan 1 and Najwa Hayaati Binti Mohd Alwi 2 1 Universiti Sains Islam Malaysia, rbhamouda@yahoo.com 2 Universiti Sains Islam Malaysia, najwa@usim.edu.my APSTRACT: The study explores the security issues in the Libyan Government websites focusing on assessing the vulnerability and security weaknesses of various websites of the Libyan Government ministries. The study is divided into three stages. In the first stage, literature review was conducted to understand the nature of the problem. Data were collected in the second and third stage of study. In the second stage, three Web application scanner tools were used for checking and evaluate the government websites for common vulnerabilities, and analyzing security level for each of these websites. In the last stage, more insight into the security related issue of the Libyan government websites is obtained through interview with the expert. Using these two methods, a deeper understanding of the status of security level in the Libyan government‘s websites is presented from the standard security point of view and the need for a research to address and overcome the problem is also asserted. Keywords: E-government, Information Security, Website Vulnerability INTRODUCTION The concept of an e-government is to provide access to government services anywhere at any time over open networks. It has a potential to bring about higher quality and more cost effective government, besides the better relationships between citizens and the government. The purpose of e-government is to set up new internal and external communication channels, to simplify administrative procedures and to enhance the accessibility of services and information (German Development Institute, 2003).It is believed that the implementation and policymaking of governments can be transformed with the help of ICT by replacing traditional services with computerized ones. Since the e-government uses the tools and systems of ICT(Moise & Popa, 2008), therefore the security and protection of privacy is important in the e-government. The term ‗Security‘ generally refers to the protection of information system assets and control of access to information. Without the assurance of security to the privacy nobody would be prompted to use e-government. According to Cenzic (2009), the web is becoming a dominant threat to computer security. In the second half of 2009, 82% of the reported commercial vulnerabilities were related to web technologies (higher than 78% in the first half of the 2009). According to Maple et al. (2010), in the report of the cases investigated by SAFE UK, 86% of the attacks exploited vulnerability in the web interface, while only 14% targeted other parts of the infrastructure. Attackers know that valuable data passes through the web, and the web interface is accessible to outsiders, thus making the web a logical point of attack. Therefore, websites owner need to pay attention to some high-risk vulnerabilities that may endanger the reliability and integrity of their websites.