Analisis Metode Open Web Application Security Project (OWASP) Menggunakan Penetration Testing pada Keamanan Website Absensi
Article Sidebar
Published:
Sep 30, 2022
Keywords:
Vulnerability, OWASP, Website, Penetration Testing, Security
Main Article Content
Abstract
The use of technology in various fields increases mobility, one of which is the creation of websites to share and manage information. Information system security that cannot interfere with the infrastructure of an organization or company. Many system vulnerabilities or system problems occur on the internet. These problems can be in the form of Malware attacks, Exploits and Injection databases. This problem can be minimized by implementing security from hackers' interference or attacks by means of penetration testing (Pentest), which is testing carried out on the web legally by imitating the form of hackers. To detect web security, an analysis of the vulnerabilities of a web is required in accordance with the security standardization of the Open Web Application Security Project (OWASP) using security tools. Web-based vulnerability analysis with the OWASP method using security tools is able to determine the security level of an application, based on the results of tests that have been carried out where the results of the research provide some suggestions or recommendations about website vulnerabilities, which can be used by the website development team to improve website security.
Article Details
How to Cite
Riandhanu, I. O. (2022). Analisis Metode Open Web Application Security Project (OWASP) Menggunakan Penetration Testing pada Keamanan Website Absensi . Jurnal Informasi Dan Teknologi, 4(3), 160-165. https://doi.org/10.37034/jidt.v4i3.236
Issue
Section
Articles
This work is licensed under a Creative Commons Attribution 4.0 International License.
References
[1] Zeebaree, S. R. M., Jacksi, K., & Zebari, R. R. (2020). Impact analysis of SYN flood DDoS attack on HAProxy and NLB cluster-based web servers. Indonesian Journal of Electrical Engineering and Computer Science, 19(1), 505–512. DOI: https://doi.org/10.11591/ijeecs.v19.i1.pp505-512 .
[2] Yudiana, Y., Elanda, A., & Buana, R. L. (2021). Analisis Kualitas Keamanan Sistem Informasi E-Office Berbasis Website Pada STMIKRosma Dengan Menggunakan OWASP Top 10. CESS (Journal of Computer Engineering, System and Science), 6(2), 37-43. DOI: https://doi.org/10.24114/cess.v6i2.24777 .
[3] Idris, I., Majigi, M. U., Abdulhamid, S., Olalere, M., & Rambo, S. I. (2017). Vulnerability assessment of some key Nigeria government websites. International Journal of Digital Information and Wireless Communications, 7(3), 143-153. DOI: http://dx.doi.org/10.17781/P002309 .
[4] Bach-Nutman, M. (2020). Understanding the top 10 owasp vulnerabilities. arXiv preprint arXiv:2012.09960. DOI: https://doi.org/10.48550/arXiv.2012.09960 .
[5] Yunus, M. (2019). Analisis Kerentanan Aplikasi Berbasis Web Menggunakan Kombinasi Security Tools Project Berdasarkan Framework Owasp Versi 4. Jurnal Ilmiah Informatika Komputer, 24(1), 37-48. DOI: http://dx.doi.org/10.35760/ik.2019.v24i1.1988 .
[6] Pratama, I. P. A. E., & Wiradarma, A. A. B. A. (2019). Open source intelligence testing using the owasp version 4 framework at the information gathering stage (case study: X company). International Journal of Computer Network and Information Security, 11(7), 8-12. DOI: http://dx.doi.org/10.5815/ijcnis.2019.07.02 .
[7] Guntoro, G., Costaner, L., & Musfawati, M. (2020). Analisis Keamanan Web Server Open Journal System (Ojs) Menggunakan Metode Issaf Dan Owasp (Studi Kasus Ojs Universitas Lancang Kuning). JIPI (Jurnal Ilmiah Penelitian Dan Pembelajaran Informatika), 5(1), 45-55. DOI: http://dx.doi.org/10.29100/jipi.v5i1.1565 .
[8] Zirwan, A. (2022). Pengujian dan Analisis Keamanan Website Menggunakan Acunetix Vulnerability Scanner. Jurnal Informasi dan Teknologi, 70-75. DOI: https://doi.org/10.37034/jidt.v4i1.190 .
[9] Shahid, J., Hameed, M. K., Javed, I. T., Qureshi, K. N., Ali, M., & Crespi, N. (2022). A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions. Applied Sciences, 12(8), 4077. DOI: http://dx.doi.org/10.3390/app12084077 .
[10] Riadi, I., & Raharja, P. A. (2019). Vulnerability analysis of E-voting application using open web application security project (OWASP) framework. International Journal of Advanced Computer Science and Applications, 10(11). DOI: https://dx.doi.org/10.14569/IJACSA.2019.0101118 .
[11] Fathurrahmad, F., & Ester, E. (2020). Automatic Scanner Tools Analysis As A Website Penetration Testing: Automatic Scanner Tools Analysis As A Website Penetration Testing. Jurnal Mantik, 4(2), 1138-1144. DOI: https://doi.org/10.35335/mantik.Vol4.2020.886.pp1138-1144 .
[12] Nedeljković, N., Vugdelija, N., & Kojić, N. (2020, October). Use of “OWASP Top 10” in web application security. In Fourth International Scientific Conference on Recent Advances in Information Technology, Tourism, Economics, Management and Agriculture (p. 25). DOI: https://doi.org/10.31410/ITEMA.2020.25 .
[13] Filiol, E., Mercaldo, F., & Santone, A. (2021). A method for automatic penetration testing and mitigation: A red hat approach. Procedia Computer Science, 192, 2039-2046. DOI: http://dx.doi.org/10.1016/j.procs.2021.08.210 .
[14] Viriya, A., & Muliono, Y. (2021). Peeking and Testing Broken Object Level Authorization Vulnerability onto E-Commerce and E-Banking Mobile Applications. Procedia Computer Science, 179, 962-965. DOI: https://doi.org/10.1016/j.procs.2021.01.101 .
[15] Aryanti, D., & Utamajaya, J. N. (2021). Analisis Kerentanan Keamanan Website Menggunakan Metode Owasp (Open Web Application Security Project) Pada Dinas Tenaga Kerja. Jurnal Syntax Fusion, 1(03), 15-25. DOI: https://doi.org/10.54543/fusion.v1i03.53 .
[16] Mateus, E., & Serrão, C. (2021). Vulnerability assessment of Angolan university web applications. Vulnerability assessment of Angolan university web applications, 518-525. DOI: http://dx.doi.org/10.5220/0010716800003058 .
[17] Gultom, L. M., & Harahap, M. (2018). Analisis Celah Keamanan Website Instansi Pemerintahan di Sumatera Utara. Jurnal Teknovasi: Jurnal Teknik dan Inovasi Mesin Otomotif, Komputer, Industri dan Elektronika, 2(2), 1-7. DOI: http://dx.doi.org/10.55445/teknovasi.v2i2.54 .
[18] Mateo Tudela, F., Bermejo Higuera, J. R., Bermejo Higuera, J., Sicilia Montalvo, J. A., & Argyros, M. I. (2020). On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications. Applied Sciences, 10(24), 9119. DOI: https://doi.org/10.3390/app10249119 .
[19] Fachri, F., Fadlil, A., & Riadi, I. (2021). Analisis Keamanan Webserver Menggunakan Penetration Test. Jurnal Informatika, 8(2), 183-190. DOI: https://doi.org/10.31294/ji.v8i2.10854 .
[20] Ula, M. (2019). Evaluasi Kinerja Software Web Penetration Testing. TECHSI-Jurnal Teknik Informatika, 11(3), 336-352. DOI: https://doi.org/10.29103/techsi.v11i3.1996 .
[2] Yudiana, Y., Elanda, A., & Buana, R. L. (2021). Analisis Kualitas Keamanan Sistem Informasi E-Office Berbasis Website Pada STMIKRosma Dengan Menggunakan OWASP Top 10. CESS (Journal of Computer Engineering, System and Science), 6(2), 37-43. DOI: https://doi.org/10.24114/cess.v6i2.24777 .
[3] Idris, I., Majigi, M. U., Abdulhamid, S., Olalere, M., & Rambo, S. I. (2017). Vulnerability assessment of some key Nigeria government websites. International Journal of Digital Information and Wireless Communications, 7(3), 143-153. DOI: http://dx.doi.org/10.17781/P002309 .
[4] Bach-Nutman, M. (2020). Understanding the top 10 owasp vulnerabilities. arXiv preprint arXiv:2012.09960. DOI: https://doi.org/10.48550/arXiv.2012.09960 .
[5] Yunus, M. (2019). Analisis Kerentanan Aplikasi Berbasis Web Menggunakan Kombinasi Security Tools Project Berdasarkan Framework Owasp Versi 4. Jurnal Ilmiah Informatika Komputer, 24(1), 37-48. DOI: http://dx.doi.org/10.35760/ik.2019.v24i1.1988 .
[6] Pratama, I. P. A. E., & Wiradarma, A. A. B. A. (2019). Open source intelligence testing using the owasp version 4 framework at the information gathering stage (case study: X company). International Journal of Computer Network and Information Security, 11(7), 8-12. DOI: http://dx.doi.org/10.5815/ijcnis.2019.07.02 .
[7] Guntoro, G., Costaner, L., & Musfawati, M. (2020). Analisis Keamanan Web Server Open Journal System (Ojs) Menggunakan Metode Issaf Dan Owasp (Studi Kasus Ojs Universitas Lancang Kuning). JIPI (Jurnal Ilmiah Penelitian Dan Pembelajaran Informatika), 5(1), 45-55. DOI: http://dx.doi.org/10.29100/jipi.v5i1.1565 .
[8] Zirwan, A. (2022). Pengujian dan Analisis Keamanan Website Menggunakan Acunetix Vulnerability Scanner. Jurnal Informasi dan Teknologi, 70-75. DOI: https://doi.org/10.37034/jidt.v4i1.190 .
[9] Shahid, J., Hameed, M. K., Javed, I. T., Qureshi, K. N., Ali, M., & Crespi, N. (2022). A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions. Applied Sciences, 12(8), 4077. DOI: http://dx.doi.org/10.3390/app12084077 .
[10] Riadi, I., & Raharja, P. A. (2019). Vulnerability analysis of E-voting application using open web application security project (OWASP) framework. International Journal of Advanced Computer Science and Applications, 10(11). DOI: https://dx.doi.org/10.14569/IJACSA.2019.0101118 .
[11] Fathurrahmad, F., & Ester, E. (2020). Automatic Scanner Tools Analysis As A Website Penetration Testing: Automatic Scanner Tools Analysis As A Website Penetration Testing. Jurnal Mantik, 4(2), 1138-1144. DOI: https://doi.org/10.35335/mantik.Vol4.2020.886.pp1138-1144 .
[12] Nedeljković, N., Vugdelija, N., & Kojić, N. (2020, October). Use of “OWASP Top 10” in web application security. In Fourth International Scientific Conference on Recent Advances in Information Technology, Tourism, Economics, Management and Agriculture (p. 25). DOI: https://doi.org/10.31410/ITEMA.2020.25 .
[13] Filiol, E., Mercaldo, F., & Santone, A. (2021). A method for automatic penetration testing and mitigation: A red hat approach. Procedia Computer Science, 192, 2039-2046. DOI: http://dx.doi.org/10.1016/j.procs.2021.08.210 .
[14] Viriya, A., & Muliono, Y. (2021). Peeking and Testing Broken Object Level Authorization Vulnerability onto E-Commerce and E-Banking Mobile Applications. Procedia Computer Science, 179, 962-965. DOI: https://doi.org/10.1016/j.procs.2021.01.101 .
[15] Aryanti, D., & Utamajaya, J. N. (2021). Analisis Kerentanan Keamanan Website Menggunakan Metode Owasp (Open Web Application Security Project) Pada Dinas Tenaga Kerja. Jurnal Syntax Fusion, 1(03), 15-25. DOI: https://doi.org/10.54543/fusion.v1i03.53 .
[16] Mateus, E., & Serrão, C. (2021). Vulnerability assessment of Angolan university web applications. Vulnerability assessment of Angolan university web applications, 518-525. DOI: http://dx.doi.org/10.5220/0010716800003058 .
[17] Gultom, L. M., & Harahap, M. (2018). Analisis Celah Keamanan Website Instansi Pemerintahan di Sumatera Utara. Jurnal Teknovasi: Jurnal Teknik dan Inovasi Mesin Otomotif, Komputer, Industri dan Elektronika, 2(2), 1-7. DOI: http://dx.doi.org/10.55445/teknovasi.v2i2.54 .
[18] Mateo Tudela, F., Bermejo Higuera, J. R., Bermejo Higuera, J., Sicilia Montalvo, J. A., & Argyros, M. I. (2020). On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications. Applied Sciences, 10(24), 9119. DOI: https://doi.org/10.3390/app10249119 .
[19] Fachri, F., Fadlil, A., & Riadi, I. (2021). Analisis Keamanan Webserver Menggunakan Penetration Test. Jurnal Informatika, 8(2), 183-190. DOI: https://doi.org/10.31294/ji.v8i2.10854 .
[20] Ula, M. (2019). Evaluasi Kinerja Software Web Penetration Testing. TECHSI-Jurnal Teknik Informatika, 11(3), 336-352. DOI: https://doi.org/10.29103/techsi.v11i3.1996 .