SECURING MVC-BASED LMS PLATFORMS: ADDRESSING AUTHENTICATION, XSS, AND INJECTION VULNERABILITIES
Asri NUHI, Neshat AJRULI, Florim IDRIZI, Florinda IMERI, Agon MEMETI
Abstract
This article presents the most critical security weaknesses of Learning Management Systems (LMS) based on the Model-View-Controller (MVC) architecture, together with a case study of the LMS at the University of Tetova. It examines weaknesses in authentication and authorization systems (for example, weak passwords or lack of access controls). Furthermore, the study addresses Cross-Site Scripting (XSS), both focal and reflected, and how SQL injection threats also impact database security. What makes our work original is the case-based, pragmatic approach, in which we dissect real-world vulnerabilities in a gap analysis and then recommend particular countermeasures (e.g., role-based authorization, parameterized query execution). Based on the results, recommendations for LMS security and the confidentiality of educational data are provided.
Pages: 312 - 321