SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS
The article presents a methodological approach to assessing the security of software components within the Moodle-based distance learning system using automated static source code analysis methods. The increasing importance of securing educational information systems is emphasized in light of the wi...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Joint Stock Company "Experimental Scientific and Production Association SPELS
2025-07-01
|
| Series: | Безопасность информационных технологий |
| Subjects: | |
| Online Access: | https://bit.spels.ru/index.php/bit/article/view/1818 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849329489154146304 |
|---|---|
| author | Vladislav K. Kuchmin Grigory O. Krylov |
| author_facet | Vladislav K. Kuchmin Grigory O. Krylov |
| author_sort | Vladislav K. Kuchmin |
| collection | DOAJ |
| description | The article presents a methodological approach to assessing the security of software components within the Moodle-based distance learning system using automated static source code analysis methods. The increasing importance of securing educational information systems is emphasized in light of the widespread adoption of LMS platforms that process personal and service-related data of participants in the educational process, including assessment results. Moodle is one of the most popular open source solutions used in university environments, and its modular architecture requires regular security audits due to continuous functional expansion. Within the scope of the study, a critically important module — moodle-tool_componentlibrary – was selected for analysis. This module is responsible for the visual unification of interface elements within the LMS and affects the operation of related components. Using SonarQube (v9.9 LTS) and SonarScanner, deployed in an isolated WSL2 environment via Docker containers, a comprehensive static analysis was performed on 5,892 lines of source code. The analysis revealed 589 issues, distributed as follows: 72 reliability-related problems, 532 maintainability issues, and 2 critical points marked as security hotspots requiring manual review. Complete absence of unit testing (0 % coverage) and an excessive level of code duplication (33.4 %) were also identified, posing risks during functional modification. Based on the obtained metrics, a methodology for calculating a generalized security coefficient was developed. This result indicates the need for refactoring prior to deployment in a production environment and highlights the effectiveness of integrating open source static analysis tools into CI/CD pipelines and the overall maintenance process of LMS platforms. |
| format | Article |
| id | doaj-art-3fc3f14705c24de9bb0e67e4dc9275e8 |
| institution | Kabale University |
| issn | 2074-7128 2074-7136 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Joint Stock Company "Experimental Scientific and Production Association SPELS |
| record_format | Article |
| series | Безопасность информационных технологий |
| spelling | doaj-art-3fc3f14705c24de9bb0e67e4dc9275e82025-08-20T03:47:16ZengJoint Stock Company "Experimental Scientific and Production Association SPELSБезопасность информационных технологий2074-71282074-71362025-07-0132313214510.26583/bit.2025.03.111476SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLSVladislav K. Kuchmin0Grigory O. Krylov1Moscow Technical University of Communications and InformaticsFinancial University under the Government of the Russian FederationThe article presents a methodological approach to assessing the security of software components within the Moodle-based distance learning system using automated static source code analysis methods. The increasing importance of securing educational information systems is emphasized in light of the widespread adoption of LMS platforms that process personal and service-related data of participants in the educational process, including assessment results. Moodle is one of the most popular open source solutions used in university environments, and its modular architecture requires regular security audits due to continuous functional expansion. Within the scope of the study, a critically important module — moodle-tool_componentlibrary – was selected for analysis. This module is responsible for the visual unification of interface elements within the LMS and affects the operation of related components. Using SonarQube (v9.9 LTS) and SonarScanner, deployed in an isolated WSL2 environment via Docker containers, a comprehensive static analysis was performed on 5,892 lines of source code. The analysis revealed 589 issues, distributed as follows: 72 reliability-related problems, 532 maintainability issues, and 2 critical points marked as security hotspots requiring manual review. Complete absence of unit testing (0 % coverage) and an excessive level of code duplication (33.4 %) were also identified, posing risks during functional modification. Based on the obtained metrics, a methodology for calculating a generalized security coefficient was developed. This result indicates the need for refactoring prior to deployment in a production environment and highlights the effectiveness of integrating open source static analysis tools into CI/CD pipelines and the overall maintenance process of LMS platforms.https://bit.spels.ru/index.php/bit/article/view/1818information security, lms, moodle, static analysis, sonarqube, vulnerabilities, educational information systems, open source, software maintainability. |
| spellingShingle | Vladislav K. Kuchmin Grigory O. Krylov SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS Безопасность информационных технологий information security, lms, moodle, static analysis, sonarqube, vulnerabilities, educational information systems, open source, software maintainability. |
| title | SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS |
| title_full | SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS |
| title_fullStr | SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS |
| title_full_unstemmed | SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS |
| title_short | SECURITY ASSESSMENT OF MOODLE-BASED DISTANCE LEARNING SYSTEM COMPONENTS USING STATIC ANALYSIS TOOLS |
| title_sort | security assessment of moodle based distance learning system components using static analysis tools |
| topic | information security, lms, moodle, static analysis, sonarqube, vulnerabilities, educational information systems, open source, software maintainability. |
| url | https://bit.spels.ru/index.php/bit/article/view/1818 |
| work_keys_str_mv | AT vladislavkkuchmin securityassessmentofmoodlebaseddistancelearningsystemcomponentsusingstaticanalysistools AT grigoryokrylov securityassessmentofmoodlebaseddistancelearningsystemcomponentsusingstaticanalysistools |