Application of the Vulnerability Assessment Method for Website Security Identification Based on OWASP ID 2021

Authors

  • Candra Darmawan, Informatics Engineering Study Program, University of Papua
  • Julius Panda Putra Naibaho, Informatics Engineering Study Program, University of Papua
  • Alex De Kweldju, Informatics Engineering Study Program, University of Papua

DOI:

https://doi.org/10.29408/edumatic.v8i1.25834

Keywords:

University of Papua, website vulnerability, VAPT, mitigation, OWASP ID in 2021

Abstract

Universities, as educational institutions, are potential targets of cyber attacks. This is an inevitable problem, and one such institution is the University of Papua (UNIPA). The purpose of this research is to find the security gaps in the UNIPA website based on OWASP ID in 2021 and to implement mitigation. The type of research is quantitative research with the Vulnerability Assessment and Penetration Testing Life Cycle (VAPT) method. The VAPT method in this research goes through five stages, namely scope, information gathering, vulnerability assessment, risk assessment, and reporting. The object of research is the UNIPA website. Data collection uses primary data, namely the results of scanning with the Zed Attack Proxy (ZAP) application. The data obtained consist of alert ID, alert, risk, and OWASP ID as information on the vulnerability of the UNIPA website. The research data are analyzed using OWASP ID. According to our findings, the vulnerability of the UNIPA website is influenced by two factors: website security weaknesses and user negligence. Vulnerabilities with alert IDs A1, A2, A3, A4, A5, and A6 belong to the group of website security weaknesses. As a solution, these vulnerabilities need to utilize special systems such as anti-CSRF, CSP, CDN, the Strict-Transport-Security header, and timestamp checking so that the website is proportional. Meanwhile, the vulnerability with alert ID A7 is classified as user negligence. The solution is that users must use the latest version of the browser. Browsers with the latest version have the X-Content-Type-Options: nosniff security mechanism to prevent sniffing attacks.
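The header and anti-CSRF mitigations named in the abstract can be verified on a response after they are deployed. The sketch below is an added example, not code or data from the paper: it audits one response for CSP, Strict-Transport-Security, X-Content-Type-Options: nosniff and a hidden anti-CSRF field in POST forms. The 180-day HSTS minimum, the token field-name hints and both sample responses are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

MIN_HSTS_MAX_AGE = 15552000  # assumption: 180 days as a floor; not from the paper
CSRF_FIELD_HINTS = ("csrf", "xsrf", "token")  # assumption: common hidden-field names

class FormScanner(HTMLParser):
    """Records, for each POST form, whether a hidden anti-CSRF-looking field exists."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one bool per POST form: token field seen?
        self._in_post = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._in_post = a.get("method", "get").lower() == "post"
            if self._in_post:
                self.forms.append(False)
        elif tag == "input" and self._in_post and a.get("type", "").lower() == "hidden":
            if any(hint in a.get("name", "").lower() for hint in CSRF_FIELD_HINTS):
                self.forms[-1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_post = False

def audit(headers, body):
    """Return the sorted list of controls that are missing or weak in this response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    if not re.search(r"(?:^|;)\s*(?:default-src|script-src)\s", csp, re.I):
        findings.append("csp")      # no policy, or one that does not restrict scripts
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("hsts")     # header absent or max-age too short to be useful
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("nosniff")
    scanner = FormScanner()
    scanner.feed(body)
    if not all(scanner.forms):      # at least one POST form without a token field
        findings.append("anti-csrf")
    return sorted(findings)

# Constructed sample responses (not scan results from the paper).
WEAK = ({"Server": "nginx"}, '<form method="post"><input name="user"></form>')
HARDENED = ({"Content-Security-Policy": "default-src 'self'", "X-Content-Type-Options": "nosniff",
             "Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
            '<form method="POST"><input type="hidden" name="csrf_token" value="x"></form>')
```

Running `audit(*WEAK)` lists all four controls as missing, while `audit(*HARDENED)` returns an empty list.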

Published

2024-06-20