Vulnerability Management on Vulnerable Docker Using Clair Scanner and JoomScan Based on the GSA CIO-IT Security-17-80 Standard

 (*) Ryan Supriadi Ramadhan (Telkom University, Bandung, Indonesia)
 Adityas Widjajarto (Telkom University, Bandung, Indonesia)
 Ahmad Almaarif (Telkom University, Bandung, Indonesia)

(*) Corresponding Author

Submitted: September 3, 2022; Published: September 30, 2022

Abstract

Vulnerabilities in Docker need to be managed because they are a potential avenue for exploitation; Docker is a container technology tied to application and system security. This study analyzes the vulnerability management process for Docker Images and Docker Images Applications using the GSA CIO-IT Security-17-80 standard. The vulnerability search uses two scanning tools, Clair Scanner and JoomScan. Vulnerabilities in version 1 of the Docker Images and the Docker Images application were addressed by building a new system, version 2, which upgrades the Docker Images software and the Docker Images application. The test scenario scans both versions of the trial system for vulnerabilities and produces a vulnerability report. The data were analyzed using the GSA CIO-IT Security-17-80 standard, limited to the stages of Scanning Capabilities, Vulnerability Scanning Process, Vulnerability Scan Reports, Remediation Verification, and Re-Classification of Known Vulnerabilities. The results show that the fastest scanning time is in version 2, and the comparison of vulnerabilities obtained is 44.45% on Docker Images and 77.78% on Joomla. The contribution of this work is an overview of using the GSA CIO-IT Security-17-80 standard as a guide for managing the security of an IT asset based on the stages carried out. Future research could use the 6 stages of GSA, supported by adequate vulnerability data from the right scanner software.

Keywords


Vulnerability; Docker Images; Docker Images Application; GSA CIO-IT Security-17-80; Scanning; Stages




Copyright (c) 2022 Ryan Supriadi Ramadhan, Adityas Widjajarto, Ahmad Almaarif

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Jurnal Sistem Komputer dan Informatika (JSON)
Managed by STMIK Budi Darma
Secretariat: Jln. Sisingamangaraja No. 338, Tel. 061-7875998
Email: jurnal.json@gmail.com

