The National Information Technology Development Agency (NITDA) has issued a position paper on the University Transparency and Accountability Solution (UTAS), a payment platform created by the Academic Staff Union of Universities (ASUU).
NITDA was asked to participate in an interactive session with ASUU, the Federal Government, and the National Assembly on October 14, 2020, according to Hadiza Umar, Head, Corporate Affairs and External Relations.
The panel resolved that NITDA should conduct an Integrity Test on the platform and provide relevant advice to the government.
User Acceptance Test (UAT), Stress Test and Vulnerability Assessment, and Penetration Test are three tests outlined in the Software Testing and Quality Assurance Framework and Guideline, according to the spokesman (VAPT).
The National Universities Commission (NUC) initially ran the UAT after ASUU submitted the prerequisites in January 2021, according to Umar.
However, following a review, NITDA conducted an end-users test on August 10, 2021. About 46 employees from 28 Federal Universities took part, primarily from the Vice Chancellor’s Office, Human Resources, Accounts, and Bursary.
According to the agency, various constraints, such as the participants’ restricted ICT tools for the exercise, had a detrimental influence on the assessment’s conclusion.
The VAPT on the UTAS platform was then conducted by NITDA, which discovered “5 High-Risk vulnerabilities that are likely to have a detrimental impact on the platform if exploited.”
“In addition, two Low-Risk vulnerabilities were discovered.” The High-Risk Vulnerabilities have been fixed, according to a second examination of the revised version of the Solution.
“However, there was one Medium Risk, three Low Risks, and 44 Informational Risks found. These were also conveyed effectively to all key parties, including ASUU.
“Our team performed a thorough Functionality/User Acceptance Test on the platform. There were 687 test cases in all, with 529 passing, 156 failing, and two cautious cautions.”
NITDA stated that it was unable to recommend the deployment of UTAS and so requested that ASUU improve on the payment platform and re-submit it.
Another engagement began on March 8, 2022, with a discussion on the technique to be utilized as defined in the Software Testing and Quality Assurance Framework and Guideline, according to the agency.
“A crucial mistake happened shortly after we reached an agreement and began the real test, and the test could not continue.” As a result, the meeting had to be postponed in order for the ASUU Team to address the problem.
“We feel that the engagement allowed ASUU to better understand and appreciate NITDA’s dedication and professionalism in carrying out its tasks.”
Before UTAS can be regarded to satisfy NITDA’s due diligence criteria, NITDA stipulates that important features must be built, tested, and passed.
Umar said the union will submit an update on the security problems noted for further evaluation, noting that the areas for improvement have been discussed with the ASUU team.