
Information Systems Engineering

Vol. 40 No. 11 (2025): Proceedings of the Faculty of Technical Sciences

NON-INVASIVE SECURITY ANALYSIS OF GOVERNMENT WEB APPLICATIONS IN THE REPUBLIC OF SERBIA

  • Душан Панић
DOI: https://doi.org/10.24867/32OI03Panic
Submitted: November 10, 2025
Published: 2026-03-09

Abstract

This paper explores a non-invasive security analysis of web applications in the Republic of Serbia using the web fuzzing method. A customized web fuzzer, inspired by military reconnaissance techniques, was developed in the Go programming language, enabling efficient automation of vulnerability identification. The system consists of a Job Scheduler as well as DNS and VPN servers, which allow scalability and task coordination. Automatic processing of results uses statistical methods for filtering and analysing data, focusing on the analysis of frequency and extreme values in the collected data.
