Audit Web E-Government Dengan Acunetix Web Vulnerability Guna Menganalisis Dan Perbaikan Celah Keamanan Website

Maisan Dewi Puspa Khairani(1*), Y Yuhandri(2), S Sumijan(3),

(1) Universitas Putra Indonesia “YPTK” Padang, Indonesia
(2) Universitas Putra Indonesia “YPTK” Padang, Indonesia
(3) Universitas Putra Indonesia “YPTK” Padang, Indonesia
(*) Corresponding Author

Abstract


The use of the internet in government to encourage the realization of e-Government can provide benefits in increasing the power of society by increasing access to information, improving government services to the community, strengthening interaction between government and the private sector in related industries, and increasing the ease and openness of government management. One tool used to identify vulnerabilities in web applications is Acunetix Web Vulnerability. This tool is a security scanner that can automatically detect common vulnerabilities in web applications, including SQL injection attacks, Cross-Site Scripting (XSS), and others. The purpose of this research is to conduct an e-Government web audit, steps for e-Government security analysis and provide recommendations for improvements from the results of security analysis using Acunetix web vulnerabilities on the Padang City DPMPTSP website. Data was obtained using the Acunetix web Vulnerability tool to obtain a report from the penetration test process which contains information about security vulnerabilities found on the SINOPEN website https://nonperizinan.web.dpmptsp.padang.go.id/sinopen. The vulnerability findings of 148 data were at a high level, 107 data were at a medium level, 16 data were at a low level. Some of the attacks found were 11 attacks, namely Blind SQL injection, Cross site scripting (XSS), SQL injection, Application error message, HTML form without CSRF protection, Clickjacking: X-Frame-Option Header Missing, Cookie Without Secure Flag Set, File Upload, Login Page Password Guessing Attack, Broken Link, Password Type Input With AutoComplete Enabled. The Acunetix web vulnerability tool is used as a basis for analyzing improvements made after scanning the website. The results after an e-gov security audit was carried out to analyze and improve the level of vulnerabilities found on the SINOPEN website were at a low level, thereby increasing the level of security from attacks and the status of the website can be said to be safe from attack vulnerabilities.

Full Text:

PDF

References


Y. W, R. Anto, D. Teguh Yuwono, and Y. Yuliadi, “Deteksi Serangan Vulnerability Pada Open Jurnal System Menggunakan Metode Black-Box,” J. Inform. dan Rekayasa Elektron., vol. 4, no. 1, pp. 68–77, 2021, doi: 10.36595/jire.v4i1.365.

M. Althunayyan, N. Saxena, S. Li, and P. Gope, “Evaluation of Black-Box Web Application Security Scanners in Detecting Injection Vulnerabilities,” Electron., vol. 11, no. 13, pp. 1–20, 2022, doi: 10.3390/electronics11132049.

Elsa Prisanda and Rury Febrina, “Penerapan Teknologi Informasi dan Komunikasi Berbasis Aplikasi SISPEDAL Dalam Rangka Mewujudkan Good Village Governance,” J. Gov. Innov., vol. 3, no. 2, pp. 155–171, 2021, doi: 10.36636/jogiv.v3i2.723.

E. Z. Darojat, E. Sediyono, and I. Sembiring, “Vulnerability Assessment Website E-Government dengan NIST SP 800-115 dan OWASP Menggunakan Web Vulnerability Scanner,” J. Sist. Inf. Bisnis, vol. 12, no. 1, pp. 36–44, 2022, doi: 10.21456/vol12iss1pp36-44.

T. H. Taufik, S. W. Sarah, and Y. A. Yusuf, “Analisis Strategi Keberhasilan E-Government di Kabupaten Bojonegoro,” J. Gov. Innov., vol. 4, no. 1, pp. 14–26, 2022, doi: 10.36636/jogiv.v4i1.1116.

B. A. Iswandari, “Jaminan Atas Pemenuhan Hak Keamanan Data Pribadi Dalam Penyelenggaraan E-Government Guna Mewujudkan Good Governance,” J. Huk. Ius Quia Iustum, vol. 28, no. 1, pp. 115–138, 2021, doi: 10.20885/iustum.vol28.iss1.art6.

J. I. Dan, “Analisis Keamanan Web New Kuta Golf Menggunakan Metode,” vol. 2, no. 3, pp. 256–265, 2022.

A. M. Akmal, N. Heryana, and A. Solehudin, “Analisis Keamanan Website Universitas Singaperbangsa Karawang Menggunakan Metode Vulnerability Assessment,” Al-Irsyad, vol. 105, no. 2, p. 79, 2017.

S. Sandy and H. H. Solihin, “Audit Keamanan dan Manajemen Risiko pada e-Learning Universitas Sangga Buana,” J. Manaj. Inform., vol. 11, no. 1, pp. 1–14, 2021, doi: 10.34010/jamika.v11i1.3641.

F. G. Putra and B. Soewito, “Measurement of Security System Performance on Websites of Personnel Information Systems in Government Using Common Vulnerability Scoring System,” J. Pendidik. Tambusai, vol. 6, pp. 2949–2957, 2022.




DOI: http://dx.doi.org/10.30645/jurasik.v9i1.751

DOI (PDF): http://dx.doi.org/10.30645/jurasik.v9i1.751.g726

Refbacks

  • There are currently no refbacks.



JURASIK (Jurnal Riset Sistem Informasi dan Teknik Informatika)
Published Papers Indexed/Abstracted By:

Jumlah Kunjungan : View My Stats