SECURITY ANALYSIS ON WEBSITES USING THE INFORMATION SYSTEM ASSESSMENT FRAMEWORK (ISSAF) AND OPEN WEB APPLICATION SECURITY VERSION 4 (OWASPv4) USING THE PENETRATION TESTING METHOD
(1) Institut Teknologi Telkom Purwokerto
(2) Institut Teknologi Telkom Purwokerto
(3) Institut Teknologi Telkom Purwokerto
(*) Corresponding Author
Abstract
At this time in the rapid development of technology, there must be advantages and disadvantages of a system or technology that was created. Within the scope of the website, there are also many security holes that irresponsible parties can enter. The state of the website at the Telkom Purwokerto Institute of Technology, both University and Faculty websites, already uses Hypertext Transfers Protocol Secure (HTTPS). This study used the Information System Security Assessment Framework (ISSAF) and Open Web Application Project (OWASP) frameworks with the Penetration Testing method. This study aims to determine vulnerabilities on the website s1if.ittelkom-pwt.ac.id. The result of performing vulnerabilities is several vulnerabilities to the Institut Teknologi Telkom Purwokerto (ITTP) Informatics Study Program website, including not updating jquery on the ITTP website. Ten tests have been carried out, five tests using ISSAF and five tests using OWSP version 4. When performing vulnerabilities in the ISSAF framework, found robots files.txt on the S1 Informatics website which is quite crucial for s1if.ittelkom-pwt.ac.id website which contains an exploitable sitemap.Â
Full Text:
PDFReferences
Alfidzar, H., & Zen, B. P. (2022). Implementasi HoneyPy dengan Malicious Traffic Detection System (Maltrail) Menggunakan Analisis Deskriptif guna untuk Mendeteksi Serangan DDOS pada Server. Journal of Informatics Information System Software Engineering and Applications (INISTA), 4(2), 32–45. https://doi.org/10.20895/inista.v4I2.534
Bastian, A., Sujadi, H., & Abror, L. (2020). Analisis Keamanan Aplikasi Data Pokok Pendidikan (Dapodik) Menggunakan Penetration Testing dan SQL Injection. Infotech Journal, 6(2), 65–70. https://doi.org/10.31949/infotech.v6I2.848
Bolanio, J. B., Paredes, R. K., Yoldan, J. A. L., & Acapulco II, R. E. (2021). Network Security Policy for Higher Education Institutions based on ISO Standards. Mediterranean Journal of Basic and Applied Sciences, 5(1), 1–17. https://doi.org/10.1016/S1353-4858(10)70039-8
CNN Indonesia. (2022, January 20). Sistem Keamanan Siber BI Ditembus, Berikut Data yang Dicuri. Retrieved November 8, 2022, from https://www.cnnindonesia.com/teknologi/20220120175527-185-749252/sistem-keamanan-siber-bi-ditembus-berikut-data-yang-dicuri
Dharma, M. A. J. (2005). DOS, DDOS & Cara Penanggulangannya. Universitas Sriwijaya. https://fdokumen.com/document/dos-denial-of-service-halaman-utama-viewbisa-di-tebak-situs-yang.html?page=1
Darmawan, B. I. (2019). Simulasi dan Analisis Encryption Based Ransomware untuk Memetakan Evolusi Ransomware. Universitas Islam Indonesia, Yogyakarta.
Dirgahayu, R. T., Prayudi, Y., & Fajaryanto, A. (2015). Penerapan Metode ISSAF dan OWASP Versi 4 untuk Uji Kerentanan Web Server. Network Engineering Research Operation, 1(3), 190–197. https://doi.org/10.21107/nero.v1I3.29
Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., … Baker, T. (2018). Security Threats to Critical Infrastructure: the Human Factor. Journal of Supercomputing, 74, 4986–5002. https://doi.org/10.1007/s11227-018-2337-2/tables/1
Haeruddin, & Kurniadi, A. (2021). Analisis Keamanan Jaringan WPA2-PSK Menggunakan Metode Penetration Testing (Studi Kasus: TP-Link Archer A6). Conference on Management, Business, Innovation, Education and Socal Sciences, 508–515. Batam: Universitas Internasional Batam.
Hidayatulloh, S., & Saptadiaji, D. (2021). Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP). Jurnal Algoritma, 18(1), 77–86. https://doi.org/10.33364/algoritma/v.18-1.827
Mulyanto, Y., Haryanti, E., & Jumirah. (2021). Analisis Keamanan Website SMAN 1 Sumbawa Menggunakan Metode Vulnerability Asesement. Jurnal Informatika Teknologi Dan Sains, 3(3), 394–400. https://doi.org/10.51401/jinteks.v3I3.1260
Prasetyo, K. A., Idhom, M., & Wahanani, H. E. (2020). Sistem Pencegahan Serangan Bruteforce pada Multiple Server dengan Menggunakan Fail2ban. Jurnal Informatika Dan Sistem Informasi, 1(3), 709–715. https://doi.org/10.33005/jifosi.v1I3.205
Pratama, I. P. A. E., & Wiradarma, A. A. B. A. (2019). Open Source Intelligence Testing Using the OWASP Version 4 Framework at the Information Gathering Stage (Case Study: X Company). International Journal of Computer Network and Information Security, 11(7), 8–12. https://doi.org/10.5815/ijcnis.2019.07.02
Rochman, A., Salam, R. R., & Maulana, S. A. (2021). Analisis Keamanan Website dengan Information System Security Assessment Framework (Issaf) dan Open Web Application Security Project (Owasp) di Rumah Sakit Xyz. Jurnal Indonesia Sosial Teknologi, 2(4), 506–519. https://doi.org/10.36418/jist.v2i4.124
Samsumar, L. D., & Gunawan, K. (2017). Analisis dan Evaluasi Tingkat Keamanan Jaringan Komputer Nirkabel (Wireless LAN); Studi Kasus di Kampus STMIK Mataram. Jurnal Ilmiah Teknologi Infomasi Terapan, 4(1), 73–82. https://doi.org/10.33197/jitter.vol4.iss1.2017.152
Sanjaya, I. G. A. S., Sasmita, G. M. A., & Arsa, D. M. S. (2020). Evaluasi Keamanan Website Lembaga X melalui Penetration Testing Menggunakan Framework ISSAF. Jurnal Ilmiah Merpati, 8(2), 113–124. https://doi.org/10.24843/jim.2020.v08.i02.p05
Sari, W. P., & Putra, I. N. A. P. (2015). Analisis Serangan Hacker Menggunakan Honeypot High Interaction. Jurnal Tiarsie, 14(1). https://doi.org/10.32816/tiarsie.v14i1.16
Sun, C.-C., Hahn, A., & Liu, C.-C. (2018). Cyber Security of a Power Grid: State-of-the-Art. International Journal of Electrical Power & Energy Systems, 99, 45–56. https://doi.org/10.1016/j.ijepes.2017.12.020
Zen, B. P., Gultom, R. A. G., & Reksoprodjo, A. H. S. (2020). Analisis Security Assessment Menggunakan Metode Penetration Testing dalam Menjaga Kapabilitas Keamanan Teknologi Informasi Pertahanan Negara. Jurnal Teknologi Penginderaan, 2(1), 105–122. https://doi.org/10.5121/csit.2018.81714
DOI: https://doi.org/10.33172/jp.v8i3.1777
INDEXED BY:
Office Address:
Lembaga Penelitian dan Pengabdian Kepada Masyarakat
Republic of Indonesia Defense University
Jl. Salemba Raya No.14, Paseban,Jakarta Pusat, Daerah Khusus Ibukota Jakarta 10440, Indonesia
Email: jurnal.unhan@idu.ac.id
Jurnal Pertahanan: Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity, Nasionalism dan Integrity is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.