SECURITY ANALYSIS ON WEBSITES USING THE INFORMATION SYSTEM ASSESSMENT FRAMEWORK (ISSAF) AND OPEN WEB APPLICATION SECURITY VERSION 4 (OWASPv4) USING THE PENETRATION TESTING METHOD

Jurnal Pertahanan Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity Nasionalism Integrity Pub Date : 2022-12-31 DOI:10.33172/jp.v8i3.1777

Ditya Putri Anggraeni, Bita Parga Zen, Mega Pranata

{"title":"SECURITY ANALYSIS ON WEBSITES USING THE INFORMATION SYSTEM ASSESSMENT FRAMEWORK (ISSAF) AND OPEN WEB APPLICATION SECURITY VERSION 4 (OWASPv4) USING THE PENETRATION TESTING METHOD","authors":"Ditya Putri Anggraeni, Bita Parga Zen, Mega Pranata","doi":"10.33172/jp.v8i3.1777","DOIUrl":null,"url":null,"abstract":"At this time in the rapid development of technology, there must be advantages and disadvantages of a system or technology that was created. Within the scope of the website, there are also many security holes that irresponsible parties can enter. The state of the website at the Telkom Purwokerto Institute of Technology, both University and Faculty websites, already uses Hypertext Transfers Protocol Secure (HTTPS). This study used the Information System Security Assessment Framework (ISSAF) and Open Web Application Project (OWASP) frameworks with the Penetration Testing method. This study aims to determine vulnerabilities on the website s1if.ittelkom-pwt.ac.id. The result of performing vulnerabilities is several vulnerabilities to the Institut Teknologi Telkom Purwokerto (ITTP) Informatics Study Program website, including not updating jquery on the ITTP website. Ten tests have been carried out, five tests using ISSAF and five tests using OWSP version 4. When performing vulnerabilities in the ISSAF framework, found robots files.txt on the S1 Informatics website which is quite crucial for s1if.ittelkom-pwt.ac.id website which contains an exploitable sitemap. ","PeriodicalId":52819,"journal":{"name":"Jurnal Pertahanan Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity Nasionalism Integrity","volume":"50 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jurnal Pertahanan Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity Nasionalism Integrity","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33172/jp.v8i3.1777","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

At this time in the rapid development of technology, there must be advantages and disadvantages of a system or technology that was created. Within the scope of the website, there are also many security holes that irresponsible parties can enter. The state of the website at the Telkom Purwokerto Institute of Technology, both University and Faculty websites, already uses Hypertext Transfers Protocol Secure (HTTPS). This study used the Information System Security Assessment Framework (ISSAF) and Open Web Application Project (OWASP) frameworks with the Penetration Testing method. This study aims to determine vulnerabilities on the website s1if.ittelkom-pwt.ac.id. The result of performing vulnerabilities is several vulnerabilities to the Institut Teknologi Telkom Purwokerto (ITTP) Informatics Study Program website, including not updating jquery on the ITTP website. Ten tests have been carried out, five tests using ISSAF and five tests using OWSP version 4. When performing vulnerabilities in the ISSAF framework, found robots files.txt on the S1 Informatics website which is quite crucial for s1if.ittelkom-pwt.ac.id website which contains an exploitable sitemap.

查看原文本刊更多论文

利用渗透测试的方法，利用信息系统评估框架(ISSAF)和开放WEB应用程序安全版本4 (OWASPv4)对网站进行安全分析

在这个技术飞速发展的时代，必然有一种制度或技术的优点和缺点被创造出来。在网站的范围内，也有很多安全漏洞，不负责任的人可以进入。Telkom Purwokerto理工学院的网站状态，大学和学院网站都已经使用超文本传输安全协议(HTTPS)。本研究采用信息系统安全评估框架(ISSAF)和开放Web应用程序项目(OWASP)框架，并采用渗透测试方法。本研究旨在确定s1if.ittelkom-pwt.ac.id网站上的漏洞。执行漏洞的结果是对Institut Teknologi Telkom purworker (ITTP)信息学研究计划网站的几个漏洞，包括不更新ITTP网站上的jquery。已经进行了10次测试，其中5次使用ISSAF, 5次使用OWSP第4版。在ISSAF框架中执行漏洞时，在S1 Informatics网站上发现了robots files.txt，这对S1 . if.ittelkom-pwt.ac非常重要。Id网站，其中包含一个可利用的站点地图。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Jurnal Pertahanan Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity Nasionalism Integrity

自引率

0.00%

发文量

审稿时长

12 weeks