Penetration Testing on the SISAKTI Application at Udayana University Using the OWASP Testing Guide Version 4

Reyhan Todo, Noer Yamin, Made Agus, D. Suarjaya, Putu Agus, E. Pratama
Journal: Jurnal Ilmiah Merpati Menara Penelitian Akademika Teknologi Informasi
Publication type: Journal Article
Publication date: 2022-12-28
DOI: 10.24843/jim.2022.v10.i03.p04 (https://doi.org/10.24843/jim.2022.v10.i03.p04)
Citation count: 0

Abstract

The SISAKTI application is an information system that facilitates online administration of student participation credit units at Udayana University. Until now, no security testing has been carried out on the SISAKTI application, so this study aimed to test its security using the black-box penetration testing technique, assess the system's vulnerabilities, and provide recommendations for improvement. The method follows the guidelines of the OWASP Testing Guide version 4, using the Information Gathering, Input Validation Testing, and Authorization Testing modules. From these three modules, 28 sub-tests were successfully carried out, resulting in 15 positive tests, 6 negative tests, and 7 tests that could not be done. From the 28 sub-tests, 8 vulnerabilities have a direct effect on the system and were assessed using the CVSS calculator; the results show that 6 vulnerabilities have a severity value from 6.4 (Medium) to 9.9 (Critical).