Description:
The government of Tanzania has been adopting various webbased systems to improve public services to its citizens. With
these systems being online, security and privacy have started
to play a key role. Many systems use HTTP over Transport
Layer Security (HTTPS) to secure their web front ends.
However, many HTTPS implementations still suffer from
several security and privacy problems. This study investigated
the security of HTTPS implementations government webbased systems in Tanzania. Using a sample of 74 government
web-based systems, an automated tool testssl was used to
check for well-known HTTPS/SSL vulnerabilities,
configuration mistakes, support for outdated and vulnerable
protocols, and adherence to HTTPS best practices. Results
show that 43% of web systems have serious HTTPS security
issues due to vulnerabilities, and configuration mistakes.
These issues can lead to system com- promise, disclosure of
sensitive information, and loss of privacy to citizens. The
study highlights these security issues that may have been
overlooked and offers suggestions that may prevent them in
the future