Security Mitigation Strategy Using VAPT on a Practicum Assistant Recruitment Website

Yolanda Hafitzhah(1*), Umar Yunan Kurnia Septo Hediyanto(2), Muhammad Fathinuddin(3)

(1) Universitas Telkom, Indonesia
(2) Universitas Telkom, Indonesia
(3) Universitas Telkom, Indonesia
(*) Corresponding Author

Abstract


In information technology, the internet is now essential, and websites are one of its most useful applications. Websites support many kinds of activities, including those of the XYZ Faculty, whose website helps students handle the administrative requirements of the assistant recruitment process. A vulnerability assessment of this website was therefore carried out using the VAPT method with several tools, namely OWASP ZAP, Acunetix, and NetSparker. The test found 17 vulnerabilities, which were combined into 9 for exploitation and mitigation. In the final result, 5 out of 8 security holes were successfully mitigated.





DOI: http://dx.doi.org/10.30645/jurasik.v8i2.646

DOI (PDF): http://dx.doi.org/10.30645/jurasik.v8i2.646.g619




JURASIK (Jurnal Riset Sistem Informasi dan Teknik Informatika)