Reyhan Todo, Noer Yamin, Made Agus, D. Suarjaya, Putu Agus, E. Pratama
Journal: Jurnal Ilmiah Merpati Menara Penelitian Akademika Teknologi Informasi. Publication date: 2022-12-28. Publication type: Journal Article. DOI: 10.24843/jim.2022.v10.i03.p04 (https://doi.org/10.24843/jim.2022.v10.i03.p04)
Penetration Testing on the SISAKTI Application at Udayana University Using the OWASP Testing Guide Version 4
The SISAKTI application is an information system that facilitates online administration of Udayana University student participation credit units. Until now, no security testing has been carried out on the SISAKTI application. This study therefore aimed to test the security of the SISAKTI application using the black-box penetration testing technique, assess the system's vulnerabilities, and provide recommendations for improvements. The method follows the guidelines of the OWASP Testing Guide version 4, using the Information Gathering, Input Validation Testing, and Authorization Testing modules. From these three modules, 28 sub-tests were successfully carried out; the results were 15 positive tests, 6 negative tests, and 7 tests that could not be done. From the 28 sub-tests, there are 8 vulnerabilities that have a direct effect on the system and were assessed using the CVSS calculator; the results show that 6 vulnerabilities have a vulnerability value from 6.4 (Medium) to 9.9 (Critical).