Risk Evaluation of Security Vulnerabilities in the E-Office Application Using the OWASP Method

Authors

  • Tata Sutabri, Informatics Engineering Study Program, Universitas Bina Darma
  • Adi Wijaya, Informatics Engineering Study Program, Universitas Bina Darma
  • Muhammad Izman Herdiansyah, Informatics Engineering Study Program, Universitas Bina Darma
  • Edi Surya Negara, Informatics Engineering Study Program, Universitas Bina Darma

DOI:

https://doi.org/10.29408/edumatic.v8i1.25463

Keywords:

e-office, owasp, vulnerability, evaluation, risk

Abstract

According to 2022 data from Badan Siber dan Sandi Negara (BSSN), a total of 1,950 security vulnerabilities were found in 457 electronic systems across various applications widely used by the public. The purpose of this research is to evaluate the risk of the security vulnerabilities present in the E-Office application and to determine their level and the impact they can cause. The research focuses on information system security, specifically on evaluating the risk of security vulnerabilities in the E-Office application of Ogan Ilir Regency. It was conducted using the Open Web Application Security Project (OWASP) method with a risk rating assessment. The research process began with a literature review to gather data and information sources, followed by determining the scope and research objectives, testing, identifying security vulnerabilities, analyzing those vulnerabilities, and presenting the results of the analysis. The research subject is the E-Office application of Ogan Ilir Regency, and the research object is the security vulnerabilities in that application. OWASP ZAP was used as the tool to obtain data on security vulnerabilities; with it, 38 security vulnerabilities were found, 18 of which meet the criteria of the OWASP Top 10. Our findings indicate that the security vulnerabilities in the E-Office application of Ogan Ilir Regency include vulnerabilities in authentication levels, access control, configuration, and data validation processes.

Published

2024-06-20