Implementation and Analysis of an Attack Tree on the DVWA Application Based on Time and Cost Metrics

Alifurfan Wiradwipa Pranowo(1*), Adityas Widjajarto(2), Muhammad Fathinuddin(3)

(1) Universitas Telkom, Indonesia
(2) Universitas Telkom, Indonesia
(3) Universitas Telkom, Indonesia
(*) Corresponding Author

Abstract

Exploitation of web applications can be modelled as an attack tree. This research explores the relationship between an attack tree and the characteristics of the exploitation it describes, measured with time and cost metrics. The study consists of exploitation experiments on the DVWA platform. The stages of each exploitation are used to construct the attack tree, which is then evaluated under two conditions: with a Web Application Firewall (WAF) and without a WAF. The attack tree covers five types of exploitation: SQL Injection, XSS (Reflected), Command Injection, CSRF, and Brute Force. Without a WAF, the XSS (Reflected) attack tree ranks first with a score of 53.69, while the SQL Injection attack tree ranks last with a score of 682.49. With a WAF, the XSS (Reflected) attack tree still ranks first with a score of 61.11, and the SQL Injection attack tree still ranks last, but with a lower score of 207.22. This relationship can therefore be used to categorise attack trees by time and cost metrics. Future work may measure the subsystem processes of the system.
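The abstract describes ranking attack trees by time and cost, with and without a WAF, but does not give the scoring formula. The following is an added illustration, not code from the paper or from DVWA: a small bottom-up attack-tree evaluator in which AND nodes sum their children's time and cost, OR nodes keep the child with the lowest combined score (the defender's worst-case assumption), and each tree is scored as a weighted sum of time and cost. The aggregation rules, the weights, the step names, and every numeric value are assumptions constructed for the example; they do not reproduce the paper's measurements or its scores.

```python
"""Bottom-up attack-tree scoring with time and cost metrics.

Added illustration, not code from the paper. The aggregation rules
(AND = sum of children, OR = child with the lowest combined score) and
score = w_time * time + w_cost * cost are assumptions; all leaf values
are constructed sample numbers, not the paper's measurements.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

Metric = Tuple[float, float]  # (time in minutes, cost in arbitrary units)


@dataclass
class Node:
    name: str
    kind: str = "LEAF"  # "LEAF", "AND" (all children needed) or "OR" (any child suffices)
    time: float = 0.0   # leaf only: minutes the step took
    cost: float = 0.0   # leaf only: resource/tooling cost of the step
    children: List["Node"] = field(default_factory=list)


def score(metric: Metric, w_time: float = 1.0, w_cost: float = 1.0) -> float:
    """Collapse (time, cost) into one number so paths and trees can be ranked."""
    t, c = metric
    return w_time * t + w_cost * c


def evaluate(node: Node) -> Metric:
    """Propagate leaf metrics up to the root of the tree.

    AND: every child must succeed, so time and cost add up.
    OR:  the attacker picks one child; keep the cheapest by score,
         which is the worst case from the defender's point of view.
    """
    if node.kind == "LEAF":
        return (node.time, node.cost)
    child_metrics = [evaluate(child) for child in node.children]
    if node.kind == "AND":
        return (sum(t for t, _ in child_metrics), sum(c for _, c in child_metrics))
    if node.kind == "OR":
        return min(child_metrics, key=score)
    raise ValueError(f"unknown node kind {node.kind!r}")


def leaf(name: str, time: float, cost: float) -> Node:
    return Node(name, "LEAF", time, cost)


def build_tree(name: str, steps: List[Node], waf: bool) -> Node:
    """Root = AND over the exploitation steps. With a WAF in front of the
    application an extra 'evade filtering' step is assumed (constructed values)."""
    children = list(steps)
    if waf:
        children.append(leaf("evade WAF filtering", time=20.0, cost=5.0))
    return Node(name, "AND", children=children)


def rank_trees(waf: bool) -> List[Tuple[str, float]]:
    """Score each attack tree and sort ascending (lowest score = least effort)."""
    # Constructed sample steps and values, purely illustrative.
    xss = [leaf("find reflected parameter", 5.0, 0.0),
           leaf("submit test input", 2.0, 0.0)]
    sqli = [leaf("find injectable parameter", 10.0, 0.0),
            leaf("enumerate schema", 30.0, 2.0),
            leaf("extract data", 25.0, 2.0)]
    brute = [leaf("identify login form", 3.0, 0.0),
             Node("obtain credentials", "OR", children=[
                 leaf("wordlist run", 40.0, 3.0),
                 leaf("default credential check", 6.0, 0.0)])]
    trees = [build_tree("XSS (Reflected)", xss, waf),
             build_tree("SQL Injection", sqli, waf),
             build_tree("Brute Force", brute, waf)]
    return sorted(((t.name, score(evaluate(t))) for t in trees), key=lambda pair: pair[1])


if __name__ == "__main__":
    for waf in (False, True):
        print("with WAF" if waf else "without WAF")
        for name, s in rank_trees(waf):
            print(f"  {name:<16} score={s:.2f}")
```

Because the WAF step is added to every tree as an AND child, it shifts all scores by the same amount here and does not change the order; the paper's result, where the SQL Injection score drops with a WAF, shows that real measurements do not behave that uniformly, which is exactly why the metrics are collected per step rather than assumed.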


DOI: https://doi.org/10.30645/kesatria.v4i4.234

DOI (PDF): https://doi.org/10.30645/kesatria.v4i4.234.g232
