Penetration Testing Untuk Deteksi Vulnerability Sistem Informasi Kampus

Sahren Sahren, Ruri Ashari Dalimuthe, Muhammad Amin

Abstract


Security is an effort that can be done to protect the information contained in it which refers to confidentiality. Information systems that are centrally prone to various types of attacks such as DoS, SQL Injections, Cross Site Scripting (XSS), Clickjacking, CSRF / Cross-site request forgery and so on. This will be a polemic for the information service owner and manager. The method to be carried out in this study is to do penetration testing to audit the security of the campus information system webserver. This activity aims to identify and exploit vulnerabilities in the web server. In this study, several tools will be used as a tool, including WHOIS, NMAP and Acunetix Web Vulnerability Scanner. Tests carried out are to look for vulnerabilities on the web server while the level of vulnerability that will be detected in this test sawill be inter alia higt risk, Medium risk and low risk. The aim is to find out the weaknesses in the web server so that in the future it can avoid DoS attacks, CSRF / Cross-site request forgery, Cross Site Scripting (XSS) and clickjacking. The results of this test are expected to be an input for the management of campus information systems for the future can be made improvements to existing weaknesses.

Full Text:

PDF

References


Babys, J. Y, "Analisis Vulnerable Port Pada Client Pengguna Publik Wifi" Simetris: Jurnal Teknik Mesin, Elektro Dan Ilmu Komputer., 9(1), 261–268, https://doi.org/10.24176/simet.v9i1.2073, 2018.

Bogdanoski M, Shuminoski T dan Risteski A, "Analysis of The SYN Flood DoS Attack" I.J Computer Network and Information Security., No 8, Hal 1-11, DOI: 10.5815/ijenis.2013.08.01, 2013.

Maharani, M. Z., Andrian, H. R., Juli, S., & Ismail, I, "Analisis Keamanan Website Menggunakan Metode Scanning Dan Perhitungan Security Metriks" E-Proceeding of Applied Science., 3(3), 1775–1782, 2017.

Prabhakar, Shruthi, "Network Security in Digitalization Attacks and Defence" International Journal of Research in Comoputer Application and Robotics., Vol 5, Issue 5, Hal 46-52., 2017.

Shahriar, H., Devendran, V. K., & Haddad, H, "ProClick: A Framework for Testing Clickjacking Attacks in Web Applications" 144–151. https://doi.org/10.1145/2523514.2523538, November 2013

Syariful Ikhwan, & Elfitri, I, "Analisa Delay yang Terjadi Pada Penerapan Dimilitarized Zone (DMZ) Terhadap Server Universitas Andalas" Nasional Teknik Elektro Jaringan., 118–124, 2014.

Tarigan, B. V., Kusyanti, A., & Yahya, W, "Analisis Perbandingan Penetration Testing Tool Untuk Aplikasi Web" Jurnal Pengembangan Teknologi Informasi Dan Ilmu Komputer (J-PTIIK) Universitas Brawijaya., 1(3), 206–214, 2017.

W, Ynanri., Riadi, Imam., & Yudhana Anton, "Analisis Deteksi Vulnerability Pada Webserver Open Jurnal System Menggunakan OWASP Scanner" JURTI., Vol.2 No. 1, Juni 2018.




DOI: http://dx.doi.org/10.30645/senaris.v1i0.109

Refbacks

  • There are currently no refbacks.