Optimizing the Security Mitigation Strategy with VAPT on the Attendance Website for Practicum Students and Practical Laboratory Assistants

Aulia Basyirah(1*), Umar Yunan Kurnia Septo Hediyanto(2), Muhammad Fathinuddin(3)

(1) Universitas Telkom, Indonesia
(2) Universitas Telkom, Indonesia
(3) Universitas Telkom, Indonesia
(*) Corresponding Author

Abstract


Information technology is growing rapidly, along with the number of its users. Websites are one widely adopted use of information technology, and XYZ University uses them for academic and internal purposes. One of the university's websites is used for attendance tracking during practical sessions in the Faculty of XYZ. However, technological advances have also brought an increase in attacks on websites by unauthorized entities. A vulnerability assessment was therefore conducted using the Vulnerability Assessment and Penetration Testing (VAPT) method, employing automated scanning tools such as Nessus, Burp Suite, and OWASP ZAP to identify vulnerabilities in the website. Testing found 27 security vulnerabilities, which were consolidated into 9 issues for exploitation and mitigation. In the end, 4 of the 9 security vulnerabilities were successfully mitigated.





DOI: http://dx.doi.org/10.30645/j-sakti.v7i2.684




J-SAKTI (Jurnal Sains Komputer & Informatika)