Events

Black box vulnerability scanning of FOSS software on a country wide scale
Location: S4 14 CASED, room 5.3.01
Lecturer: Carel L. van Rooyen, Master of Technology (University of South Africa)
Recent developments in the field of OSS deployments have led to a renewed interest in vulnerabilities as an attack vector: zero-day exploits, neglected software upgrade cycles, and unhardened turnkey third-party OSS deployments.
This study aims to answer, firstly, "What specific versions of identifiable OSS are currently in use (use profile) in the ZA namespace?" and, secondly, "What risks are associated (risk profile) with the versions so identified?"
In addition to evaluating methods for the white box identification of active OSS on .za domains, an instrument is built and used for OSS fingerprinting, after which the version identification data is connected to existing vulnerability databases. This establishes a reference for unmanaged version control and the risk associated with it. The top ten OSS Content Management Systems (CMS) and blog systems are evaluated.
In conclusion, the study gives a broad descriptive overview of .za domain software use, followed by statistical testing of vulnerabilities for the top OSS packages. Suggestions are made for future research, with notes from the evaluation and development of the instrument, and scan safety and infrastructure recommendations are discussed.
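The step of connecting fingerprinted version data to a vulnerability database is the part of this method a defender can reuse directly for inventory-driven risk assessment. The example below is added here and is not the instrument from the study; the product names, version ranges, hosts and advisory references are constructed sample data (the advisory ids are placeholders, not real identifiers). It compares dotted version strings against affected ranges, keeps fingerprints with no usable version separate for manual review, and produces per-host findings plus a severity summary of the kind a descriptive overview would report.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    """One affected-range record, shaped like an entry in an advisory feed."""
    product: str
    introduced: str            # first affected version, inclusive
    fixed: Optional[str]       # first fixed version, exclusive; None = no fix published
    severity: str
    ref: str                   # placeholder id (constructed), not a real advisory number


def parse_version(text: str) -> Optional[tuple]:
    """'4.9.8' -> (4, 9, 8); None when the fingerprint did not yield a dotted number."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def compare(a: tuple, b: tuple) -> int:
    """Compare dotted versions so that 4.9 == 4.9.0 and 4.9 < 4.9.1."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_affected(version: tuple, adv: Advisory) -> bool:
    """True when introduced <= version < fixed (or version >= introduced with no fix)."""
    if compare(version, parse_version(adv.introduced)) < 0:
        return False
    if adv.fixed is None:
        return True
    return compare(version, parse_version(adv.fixed)) < 0


def risk_profile(inventory, advisories):
    """inventory: iterable of (host, product, version string) from fingerprinting.

    Returns {host: {"unknown": [products without a usable version],
                    "advisories": [matching Advisory records]}}.
    """
    profile = {}
    for host, product, version_text in inventory:
        entry = profile.setdefault(host, {"unknown": [], "advisories": []})
        version = parse_version(version_text)
        if version is None:
            entry["unknown"].append(product)   # needs manual review, not silently skipped
            continue
        for adv in advisories:
            if adv.product == product and is_affected(version, adv):
                entry["advisories"].append(adv)
    return profile


def summarize(profile):
    """Count hosts per severity (a host counts once per severity it is exposed to)."""
    counts = {}
    for entry in profile.values():
        for sev in {adv.severity for adv in entry["advisories"]}:
            counts[sev] = counts.get(sev, 0) + 1
    return counts


# Constructed sample data: not real advisories, hosts or scan results.
ADVISORIES = [
    Advisory("wordpress", "4.0", "4.9.9", "high", "ADV-PLACEHOLDER-1"),
    Advisory("wordpress", "5.0", "5.0.1", "critical", "ADV-PLACEHOLDER-2"),
    Advisory("joomla", "3.0", None, "medium", "ADV-PLACEHOLDER-3"),
    Advisory("drupal", "7.0", "7.58", "critical", "ADV-PLACEHOLDER-4"),
]

INVENTORY = [
    ("host-a.example", "wordpress", "4.9.8"),
    ("host-b.example", "wordpress", "5.0.1"),
    ("host-c.example", "joomla", "3.9"),
    ("host-d.example", "drupal", "unknown"),   # fingerprint found the product, not the version
    ("host-e.example", "drupal", "7.58"),      # exactly the fixed version: not affected
]

if __name__ == "__main__":
    profile = risk_profile(INVENTORY, ADVISORIES)
    for host, entry in profile.items():
        refs = [adv.ref for adv in entry["advisories"]]
        print(host, "advisories:", refs, "unknown:", entry["unknown"])
    print("hosts per severity:", summarize(profile))
```

The boundary handling is where such matching usually goes wrong: the fixed version is excluded, `4.9` and `4.9.0` compare equal, and a version string the fingerprinter could not parse is reported as unknown rather than dropped, so the use profile and the risk profile stay reconcilable.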
Back to the event overview