Analisis Vulnerability Management Pada Container Docker Menggunakan Opensource Scanner Berdasarkan Standar Cyber Resilience Review (CRR)

 (*)Milenia Oktaviana Mail (Telkom University, Bandung, Indonesia)
 Adityas Widjajarto (Telkom University, Bandung, Indonesia)
 Ahmad Almaarif (Telkom University, Bandung, Indonesia)

(*) Corresponding Author

Submitted: September 2, 2022; Published: September 30, 2022

Abstract

One of the most widely used container technologies to provide IT services is Docker. The vulnerability in container technology, namely Docker, requires special management. Management of this vulnerability can be done technically with a software vulnerability scanner and standard Cyber Resilience Review (CRR) guidelines. Experiments were carried out with Aquasec and Anchore scanners that performed vulnerability scanning on two Docker Images systems. The two vulnerable systems have different versions, namely version – 1 and version – 2. The software elements in version – 2 have a higher versioning level than version – 1. Experimental data in the form of vulnerability reports are analyzed based on Cyber Resilience Review (CRR) which focuses on four stages namely Define a Strategy, Develop a Plan, Implement the Capability, Assess and Improve the Capability. So that the results of Category Vulnerability are obtained, namely 30 Closed Vulnerability, 10 Open Vulnerability, and 13 Newly Vulnerability. Continuation of this research can use aspects of Patch Management with more varied software tools.

Keywords


Docker; Vulnerability; Scanner; Cyber Resilience Review (CRR)

Full Text:

PDF


Article Metrics

Abstract view : 48 times
PDF - 18 times

References

M. Y. Darus, Alat Penilaian Kerentanan Web untuk Sistem Manajemen Konten, 2020.

Shu, R., Gu, X., & Enck, W. (2017). A study of security vulnerabilities on docker hub. CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, 269–280.

T. Astriani, "Analisa Kerentanan Pada Vulnerable Docker Menggunakan Scanner Openvas Dan Docker Scan Dengan Acuan Standar NIST 800-115," Jurnal Teknik Informatika dan Sistem Informasi, vol. 8, pp. 2041-2050 , 2021.

Ghugar, U. (n.d.). Approach to an Efficient Vulnerability Management Program. Retrieved September 7, 2017, from https://www.academia.edu/33788012/Approach_to_an_Efficient_Vulnerability_Management_Program

M. Ninovic, "PATCHING, AND WHY IT STILL MATTERS," 2021. [Online]. Available: https://paraflare.com/patching-and-why-it-still-matters/.

LinuxSec, "Menentukan Severity Kerentanan Menggunakan CVSS," 2021. [Online]. Available: https://www.linuxsec.org/2021/09/cara-menghitung-cvss.html.

M. P. Dazzi, "Docker: Why multi-arch images matters?," 2020. [Online]. Available: https://medium.com/gft-engineering/docker-why-multi-arch-images-matters-927397a5be2e.

U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide, 2020.

U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide, 2020.

wikiHow, "Cara Menghitung Persentase Perubahan," [Online]. Available: https://id.wikihow.com/Menghitung-Persentase-Perubahan.

C. M. University, Cyber Resilience Review (CRR) Method Description and Self-Assessment User Guide, 2014.

C. Sree, "What Vulnerability Management Metrics Could Make or Break Your Security Program," [Online]. Available: https://www.secpod.com/blog/what-vulnerability-management-metrics-could-make-or-break-your-security-program/.

D. Bisson, "High-Severity Vulnerabilities Now Take Nearly 250 Days to Remediate, Survey Finds," 2021. [Online]. Available: https://securityintelligence.com/news/news-vulnerabilities-25-days-remediate/.

E. Office, "Bandingkan Dua Kolom Untuk Kecocokan Dan Perbedaan Di Excel," [Online]. Available: https://id.extendoffice.com/documents/excel/6392-excel-compare-two-columns.html#percentagechange.

CISA.GOV, "Cybersecurity Framework," [Online]. Available: https://www.cisa.gov/uscert/resources/cybersecurity-framework.

Bila bermanfaat silahkan share artikel ini

Berikan Komentar Anda terhadap artikel Analisis Vulnerability Management Pada Container Docker Menggunakan Opensource Scanner Berdasarkan Standar Cyber Resilience Review (CRR)

Refbacks

  • There are currently no refbacks.


Copyright (c) 2022 Milenia Oktaviana, Adityas Widjajarto, Ahmad Almaarif

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Jurnal Sistem Komputer dan Informatika (JSON)
Dikelola oleh STMIK Budi Darma
Sekretariat : Jln. Sisingamangaraja No. 338 Telp 061-7875998
email : jurnal.json@gmail.com


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.