VULNERABILITY SCANNING OF THE PMB WEBSITE USING THE OPEN WEB APPLICATION SECURITY PROJECT (OWASP)
Abstract
Information and communication technology has advanced significantly over the past few decades. Websites are often the target of cyber attacks because they contain vulnerabilities that attackers can exploit. This study aims to conduct a Vulnerability Assessment (VA) on a new student admission (PMB) website by following the guidelines of the Open Web Application Security Project (OWASP). OWASP provides a list of the top ten vulnerabilities that are often found in web applications, such as SQL Injection, XSS (Cross-Site Scripting), and CSRF (Cross-Site Request Forgery). The study uses the Vulnerability Assessment and Penetration Testing (VAPT) method, which consists of several stages: information gathering, scanning to identify security holes, and generating reports. The tool used is OWASP ZAP, which detects and tests vulnerabilities. The study produces a report that identifies 33.3% medium risk level vulnerabilities (six flags), 38% low risk level vulnerabilities (seven flags), 27.7% informational risk level findings (5 flags), and no high-level vulnerabilities. It is hoped that these results can help IT staff improve the security and convenience of accessing their PMB website.
License
Copyright (c) 2024 Author
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.