SECURITY ANALYSIS OF A DOMAIN USING OPEN WEB APPLICATION SECURITY PROJECT (OWASP) Zap
DOI:
https://doi.org/10.34151/technoscientia.v15i2.4013
Keywords:
Security analysis, OWASP, Vulnerability Analysis
Abstract
Along with the development of information technology among the wider community, information systems make it easier for people to access and search for information in the form of websites. Security risk is one of the important aspects of an information system, yet it tends to be given less priority. In the present work, a security analysis of a domain was conducted using the Open Web Application Security Project (OWASP) Zap. The research methods used are literature review and observation. The literature review is used to collect relevant previous research as well as relevant theories and concepts in terms of Vulnerability Analysis. The literature is obtained from journals, books, scientific papers, and digital media such as the internet. Observation is used to determine, sort, collect, and review the data needed in the test. The results show that there are several vulnerabilities on the akprind.ac.id site that can have a detrimental impact on the campus. The security system on several akprind subdomains still does not meet the CIA triad security principle, namely confidentiality. The OWASP Zap tool is still a good basis for conducting penetration testing on several sites under the akprind.ac.id domain, because there are still some security issues that match the OWASP list. For the IST AKPRIND web, further research should be carried out using the ISSAF (Information System Security Assessment Framework) method so that any vulnerabilities in the web server can be understood in more depth.