SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS

Bibliographic Details
Main Authors: Vladislav K. Kuchmin, Grigory O. Krylov
Format: Article
Language: English
Published: Joint Stock Company "Experimental Scientific and Production Association SPELS" 2025-07-01
Series: Безопасность информационных технологий
Online Access: https://bit.spels.ru/index.php/bit/article/view/1818
Description
Summary: The article presents a methodological approach to assessing the security of software components within the Moodle-based distance learning system using automated static source code analysis methods. The increasing importance of securing educational information systems is emphasized in light of the widespread adoption of LMS platforms that process personal and service-related data of participants in the educational process, including assessment results. Moodle is one of the most popular open-source solutions used in university environments, and its modular architecture requires regular security audits due to continuous functional expansion. Within the scope of the study, a critically important module, moodle-tool_componentlibrary, was selected for analysis. This module is responsible for the visual unification of interface elements within the LMS and affects the operation of related components. Using SonarQube (v9.9 LTS) and SonarScanner, deployed in an isolated WSL2 environment via Docker containers, a comprehensive static analysis was performed on 5,892 lines of source code. The analysis revealed 589 issues, distributed as follows: 72 reliability-related problems, 532 maintainability issues, and 2 critical points marked as security hotspots requiring manual review. A complete absence of unit testing (0 % coverage) and an excessive level of code duplication (33.4 %) were also identified, posing risks during functional modification. Based on the obtained metrics, a methodology for calculating a generalized security coefficient  was developed. This result indicates the need for refactoring prior to deployment in a production environment and highlights the effectiveness of integrating open-source static analysis tools into CI/CD pipelines and the overall maintenance process of LMS platforms.
ISSN: 2074-7128, 2074-7136