Analisis Vulnerability Management Pada Container Docker Menggunakan Opensource Scanner Berdasarkan Standar Cyber Resilience Review (CRR)

Milenia Oktaviana; Adityas Widjajarto; Ahmad Almaarif

doi:10.30865/json.v4i1.4787

Authors

Milenia Oktaviana Telkom University, Bandung
Adityas Widjajarto Telkom University, Bandung
Ahmad Almaarif Telkom University, Bandung

DOI:

https://doi.org/10.30865/json.v4i1.4787

Keywords:

Docker, Vulnerability, Scanner, Cyber Resilience Review (CRR)

Abstract

One of the most widely used container technologies to provide IT services is Docker. The vulnerability in container technology, namely Docker, requires special management. Management of this vulnerability can be done technically with a software vulnerability scanner and standard Cyber Resilience Review (CRR) guidelines. Experiments were carried out with Aquasec and Anchore scanners that performed vulnerability scanning on two Docker Images systems. The two vulnerable systems have different versions, namely version â€“ 1 and version â€“ 2. The software elements in version â€“ 2 have a higher versioning level than version â€“ 1. Experimental data in the form of vulnerability reports are analyzed based on Cyber Resilience Review (CRR) which focuses on four stages namely Define a Strategy, Develop a Plan, Implement the Capability, Assess and Improve the Capability. So that the results of Category Vulnerability are obtained, namely 30 Closed Vulnerability, 10 Open Vulnerability, and 13 Newly Vulnerability. Continuation of this research can use aspects of Patch Management with more varied software tools.

Author Biography

Milenia Oktaviana, Telkom University, Bandung

Program Studi Sistem Informasi

References

M. Y. Darus, Alat Penilaian Kerentanan Web untuk Sistem Manajemen Konten, 2020.

Shu, R., Gu, X., & Enck, W. (2017). A study of security vulnerabilities on docker hub. CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, 269â€“280.

T. Astriani, "Analisa Kerentanan Pada Vulnerable Docker Menggunakan Scanner Openvas Dan Docker Scan Dengan Acuan Standar NIST 800-115," Jurnal Teknik Informatika dan Sistem Informasi, vol. 8, pp. 2041-2050 , 2021.

Ghugar, U. (n.d.). Approach to an Efficient Vulnerability Management Program. Retrieved September 7, 2017, from https://www.academia.edu/33788012/Approach_to_an_Efficient_Vulnerability_Management_Program

M. Ninovic, "PATCHING, AND WHY IT STILL MATTERS," 2021. [Online]. Available: https://paraflare.com/patching-and-why-it-still-matters/.

LinuxSec, "Menentukan Severity Kerentanan Menggunakan CVSS," 2021. [Online]. Available: https://www.linuxsec.org/2021/09/cara-menghitung-cvss.html.

M. P. Dazzi, "Docker: Why multi-arch images matters?," 2020. [Online]. Available: https://medium.com/gft-engineering/docker-why-multi-arch-images-matters-927397a5be2e.

U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide, 2020.

wikiHow, "Cara Menghitung Persentase Perubahan," [Online]. Available: https://id.wikihow.com/Menghitung-Persentase-Perubahan.

C. M. University, Cyber Resilience Review (CRR) Method Description and Self-Assessment User Guide, 2014.

C. Sree, "What Vulnerability Management Metrics Could Make or Break Your Security Program," [Online]. Available: https://www.secpod.com/blog/what-vulnerability-management-metrics-could-make-or-break-your-security-program/.

D. Bisson, "High-Severity Vulnerabilities Now Take Nearly 250 Days to Remediate, Survey Finds," 2021. [Online]. Available: https://securityintelligence.com/news/news-vulnerabilities-25-days-remediate/.

E. Office, "Bandingkan Dua Kolom Untuk Kecocokan Dan Perbedaan Di Excel," [Online]. Available: https://id.extendoffice.com/documents/excel/6392-excel-compare-two-columns.html#percentagechange.

CISA.GOV, "Cybersecurity Framework," [Online]. Available: https://www.cisa.gov/uscert/resources/cybersecurity-framework.