Vulnerability Management on Vulnerable Docker Using Clair Scanner and JoomScan Based on the GSA CIO-IT Security-17-80 Standard

Authors

  • Ryan Supriadi Ramadhan, Telkom University, Bandung
  • Adityas Widjajarto, Telkom University, Bandung
  • Ahmad Almaarif, Telkom University, Bandung

DOI:

https://doi.org/10.30865/json.v4i1.4789

Keywords:

Vulnerability, Docker Images, Docker Images Application, GSA CIO-IT Security-17-80, Scanning, Stages

Abstract

Vulnerabilities in Docker need to be managed because they are potential avenues for exploitation: Docker is a container technology that bears on application and system security. This study analyzes the vulnerability management process for Docker Images and Docker Images Applications using the GSA CIO-IT Security-17-80 standard. The vulnerability search uses two scanning tools, Clair Scanner and JoomScan. Vulnerabilities in version 1 of the Docker Images and the Docker Images application were addressed by creating a new system, version 2, which upgrades the Docker Images software and the Docker Images application. The test scenario scans both versions of the trial system for vulnerabilities, with the results taking the form of a vulnerability report. The data were analyzed against the GSA CIO-IT Security-17-80 standard, limited to the stages of Scanning Capabilities, Vulnerability Scanning Process, Vulnerability Scan Reports, Remediation Verification, and Re-Classification of Known Vulnerabilities. The results show that the fastest scanning time was on version 2, and the vulnerability comparison obtained is 44.45% for Docker Images and 77.78% for Joomla. The contribution of this work is an overview of using the GSA CIO-IT Security-17-80 standard as a guide for managing the security of an IT asset, based on the stages carried out. Future research could use the 6 stages of GSA, supported by adequate vulnerability data from suitable scanner software.

Published

2022-09-30

How to Cite

Ramadhan, R. S., Widjajarto, A., & Almaarif, A. (2022). Vulnerability Management Pada Vulnerable Docker Menggunakan Clair Scanner Dan Joomscan Berdasarkan Standar GSA CIO-IT Security-17-80. Jurnal Sistem Komputer Dan Informatika (JSON), 4(1), 85–93. https://doi.org/10.30865/json.v4i1.4789