Evaluation and Improvement of Security in the Academic Information System of XYZ University Palembang

Aldo Fajarino(1*), Yesi Novaria Kunang(2), Hendra Marta Yudha(3), Edi Surya Negara(4), Nita Rosa Damayanti(5)

(1) Universitas Bina Darma Palembang, Indonesia
(2) Universitas Bina Darma Palembang, Indonesia
(3) Universitas Tridinanti Palembang, Indonesia
(4) Universitas Bina Darma Palembang, Indonesia
(5) Universitas Bina Darma Palembang, Indonesia
(*) Corresponding Author

Abstract


As one of the universities in Palembang City, XYZ University has its own web server that functions as an information system for the academic and financial activities of its users. Security testing of this information system is needed, because web server security is very important for avoiding destruction, data theft, data manipulation, and so on. In this study, the OWASP framework and the ISSAF framework were used, and the two methods were then compared. The study found several security holes, which were reported to the developers with recommendations and successfully repaired. Comprehensive improvement is needed, starting from server configuration, improved sanitization in the character input filters applied to user input, and installation of an Intrusion Detection System and an Intrusion Prevention System.

DOI: http://dx.doi.org/10.30645/j-sakti.v7i2.702

J-SAKTI (Jurnal Sains Komputer & Informatika)