Web application vulnerability assessment and policy direction towards a secure smart government Olusesan M. Awoleye a, ⁎, Blessing Ojuloge b , Mathew O. Ilori a a African Institute for Science Policy and Innovation (AISPI), Faculty of Technology, Obafemi Awolowo University, Ile-Ife, Nigeria b National Centre for Technology Management, Agency of the Federal Ministry of Science & Technology, Obafemi Awolowo University, Ile-Ife, Nigeria abstract article info Available online xxxx Keywords: E-government Smart government Web vulnerability Policy Cross site injection SQL injection Cookie manipulation This paper carried out technological analysis of e-government platforms with a view of assessing possible appli- cation flaws that can inhibit smooth running of the available web services provided. Two sets of data were col- lected with an interval of two years on 64 Nigerian government websites. Five web vulnerability variables known to be notorious for web attacks were purposively investigated. In the overall assessment for the two datasets, the average result showed that about 67% are affected by broken links (BL), 43.8% by unencrypted pass- word (UP), 35% by cross site scripting (XSS) and about one out of every four are affected by each of Structured Query Language Injection (SQLi) and cookie manipulation (CM). An independent t test statistic showed that there is a significant difference between the groups for three of the variables investigated, these are: XSS, SQLi and CM at 95% confidence interval. The motivation for this study is premised on the risk that these results pose to the smooth running of the e-government services and the possibility of financial loss. The research thus suggests some useful policy directions to enhance the provision of a secure smarter government. © 2014 Elsevier Inc. All rights reserved. 1. Introduction The growth of the internet and its services has brought innovation in the use of many web applications. This has provided sources of informa- tion for citizens and has created opportunities for businesses to thrive (Zhao & Zhao, 2010). Organizations and government bodies have lever- aged severally on new technologies provided by the web for improved efficiency in service delivery, transparency, increased revenue, cost- saving and global competitiveness (Chen, 2002; Chen & Gant, 2001; Kim, Jeong, & Lee, 2009). Government services which have been charac- terized by rigid bureaucracy are gradually being taken over by e- government. When e-government services become more flexible to access for user's satisfaction it culminates into smarter government which is desirable (Rokhman, 2011). Smart government has been de- scribed as “the implementation of a set of business processes and under- lying information technology capabilities that enable information to flow seamlessly across government agencies”. Smart government as an advanced government presents opportunities that people can avail themselves of, including: services, participation and communication anytime, anywhere and with any device through convergence and inte- gration of smart IT and government services. It provides a platform where the government proactively pushes relevant, unique data to cit- izens based on their profiles. This helps government to provide real time information to her citizens. As changes occur to a citizen's circum- stance, government processes are triggered to provide the appropriate service(s). Despite the benefits of communication through the internet, the proliferation of cyber crime activities has created a big concern (Zhao & Zhao, 2010). For example in a world ranking survey of the top cyber crime perpetrators by country, Nigeria is rated 3rd behind United States and United Kingdom according to the Internet Crime Control Centre. 1 Since e-government projects are provided over an insecure channel like the internet, other important issues surface. In most countries (Nigeria inclusive), there are no governmental infrastructure that supports authentication, confidentiality, integrity and privacy is- sues (Moen, Klingsheim, Simonsen, & Hole, 2007). There are also other problems related to web applications that can give unexpected conse- quences when e-government solutions are deployed. It is worth noting to state that amid all these, the rate by which organizations and govern- ment are adopting the use of the web as useful resource is on the in- crease (Ebrahim & Irani, 2005; Gil-García & Martinez-Moyano, 2005; Wangpipatwong, Chutimaskul, & Papasratorn, 2005). It has been identified that some of the motivations for adopting e- government have been largely technology pushed and benefit driven without given adequate attention to security issues. Quite a number of literatures have reiterated the consequence of porting ‘unverified’ web applications (Balduzzi, Gimenez, Balzarotti, & Kirda, 2010; Chien, Government Information Quarterly xxx (2014) xxx–xxx ⁎ Corresponding author at: African Institute for Science Policy and Innovation (AISPI), Faculty of Technology, Obafemi Awolowo University, Ile-Ife, Nigeria. E-mail address: awoleye@yahoo.co.uk (O.M. Awoleye). 1 www.ic3.gov/media/annualreport/2009_ic3report.pdf. GOVINF-01017; No. of pages: 8; 4C: http://dx.doi.org/10.1016/j.giq.2014.01.012 0740-624X/© 2014 Elsevier Inc. All rights reserved. Contents lists available at ScienceDirect Government Information Quarterly journal homepage: www.elsevier.com/locate/govinf Please cite this article as: Awoleye, O.M., et al., Web application vulnerability assessment and policy direction towards a secure smart government, Government Information Quarterly (2014), http://dx.doi.org/10.1016/j.giq.2014.01.012