Security Analysis of an Academic Information System Using the Open Web Application Security Project Framework
DOI:
https://doi.org/10.30865/mib.v6i3.4099
Keywords:
Security, SIA, Website, OWASP, OWASP ZAP
Abstract
Information system security is an important part of technology development because it protects data and information in a comprehensive, structured way. The Academic Information System (SIA) provides a service that receives requests for website pages over the HTTP or HTTPS protocol from clients called browsers. Intruders can hack websites without the owner's knowledge. This research was conducted to find the vulnerabilities of SIA STIKES Guna Bangsa Yogyakarta. The framework used is the Open Web Application Security Project (OWASP), which is commonly used to evaluate systems or applications. The tools used are WhoIs, SSL Scan, Nmap, and OWASP ZAP. The assessment found 12 vulnerabilities. Four are at the medium level: Absence of Anti-CSRF Tokens, Cross-Domain Misconfiguration, Missing Anti-clickjacking Header, and Vulnerable JS Library. Six are at the low level: Cookie Without Secure Flag, Cookie without SameSite Attribute, Cross-Domain JavaScript Source File Inclusion, Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s), Timestamp Disclosure – Unix, and X-Content-Type-Options Header Missing. Two are at the informational level: Content-Type Header Missing and Information Disclosure - Suspicious Comments.
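Several of the findings listed in the abstract can be read directly from HTTP response headers. The following is an added example, not code from the paper or from OWASP ZAP: a simplified approximation of those header-based checks, run over constructed sample headers. The function names, the sample values, and the assumption that "Cross-Domain Misconfiguration" refers to a wildcard `Access-Control-Allow-Origin` are illustrative.

```python
# Added example: simplified header checks named after the alerts in the abstract.
# Both header sets are constructed samples, not captured from the system studied.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("X-Powered-By", "PHP/0.0.0-example"),
    ("Access-Control-Allow-Origin", "*"),
    ("Set-Cookie", "SESSIONID=constructed123; path=/; HttpOnly"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("X-Frame-Options", "DENY"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "SESSIONID=constructed123; Path=/; HttpOnly; Secure; SameSite=Lax"),
]

def cookie_attrs(set_cookie):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    first, *rest = set_cookie.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part.strip()}
    return name, attrs

def audit_headers(headers):
    """Map (name, value) response headers to the header-based alert names."""
    lower = {}
    for name, value in headers:
        lower.setdefault(name.lower(), []).append(value)
    findings = []
    csp = " ".join(lower.get("content-security-policy", [])).lower()
    # Framing is controlled by X-Frame-Options or the CSP frame-ancestors directive.
    if "x-frame-options" not in lower and "frame-ancestors" not in csp:
        findings.append("Missing Anti-clickjacking Header")
    # Assumption: a wildcard CORS origin is what the cross-domain alert refers to.
    if any(v.strip() == "*" for v in lower.get("access-control-allow-origin", [])):
        findings.append("Cross-Domain Misconfiguration")
    for raw in lower.get("set-cookie", []):
        name, attrs = cookie_attrs(raw)
        if "secure" not in attrs:
            findings.append(f"Cookie Without Secure Flag ({name})")
        if "samesite" not in attrs:
            findings.append(f"Cookie without SameSite Attribute ({name})")
    if "x-powered-by" in lower:
        findings.append('Server Leaks Information via "X-Powered-By"')
    nosniff = [v.strip().lower() for v in lower.get("x-content-type-options", [])]
    if "nosniff" not in nosniff:
        findings.append("X-Content-Type-Options Header Missing")
    if "content-type" not in lower:
        findings.append("Content-Type Header Missing")
    return findings
```

Findings that depend on page content rather than headers (Absence of Anti-CSRF Tokens, Vulnerable JS Library, Suspicious Comments, Timestamp Disclosure) are outside what this sketch inspects.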
License

This work is licensed under a Creative Commons Attribution 4.0 International License