Security test MOODLE: a penetration testing case study

Mudiyanselage, Akalanka Karunarathne and Pan, Lei (2017) Security test MOODLE: a penetration testing case study. International Journal of Computers and Applications. pp. 1-11.

Full text not available from this repository.
Official URL: https://doi.org/10.1080/1206212X.2017.1396413

Abstract

The Moodle project (http://moodle.org) is one of the most widely used web application packages for delivering teaching materials in universities and colleges. Despite its popularity and high level of acceptance among teachers and decision-makers, the security aspects of Moodle have not been well covered in publications; to the best of our knowledge, no active research has been conducted to assess the level of security assurance of Moodle. Because of this lack of knowledge, many Moodle sites were, have been or are exploited in the following manner: proprietary teaching materials were stolen, instructors' or administrators' credentials were compromised, student results were changed and so on. This paper demonstrates a security testing case for identifying security vulnerabilities of Moodle. Using automated and manual source code review and web application penetration testing, we have demonstrated a sound PHP-based security assessment methodology for Moodle. As a result, we have identified nine security vulnerabilities in Moodle 2.6. The description and security analysis of these vulnerabilities are provided in detail. In order to utilize this framework, the tester should have advanced technical skills in operating a source code scanner to differentiate the false positives in the scanning results, advanced source code review skills to identify application logic related vulnerabilities, and advanced web application penetration testing skills to validate the results from the automated/manual source code review and technical findings that were missed during the source code review. Readers of this paper are encouraged to use our methodology to perform security assessments for their versions of Moodle and to extend the features/functionalities of the testing methodology to further expand the test coverage.

Item Type: Article
Uncontrolled Keywords: cyber security, Moodle, Penetration testing, security analysis, vulnerability
Depositing User: Elizabeth Dalton
Date Deposited: 16 Dec 2019 23:40
Last Modified: 16 Dec 2019 23:40
URI: http://research.moodle.org/id/eprint/449
