Analysis of Open Website Security Using OWASP and ISSAF Methods

  • Rahmad Ashar
    Independent Research


Abstract

Diskominfo Kerinci is the agency responsible for managing information media within the Kerinci Regency Government. A website is an essential medium for conveying information to the public. Because the website it manages is public (an open website), information security principles must be applied to protect it against cyber attacks. This study conducted a security analysis of an open website owned by Diskominfo Kerinci using two methods: the Open Web Application Security Project (OWASP) method and the Information Systems Security Assessment Framework (ISSAF) method. Previous research has applied the OWASP and ISSAF methods to system security testing, and several of those tests state that these methods greatly influence the steps and results of system security testing. The results of the security analysis from these two methods will be compared to make recommendations for improvements to the website.

Published
2022-12-31
Section
Articles
How to Cite
Ashar, R. (2022). Analysis of Open Website Security Using OWASP and ISSAF Methods. Jurnal Informasi Dan Teknologi, 4(4), 211-218. https://doi.org/10.37034/jidt.v4i4.233