The Testing for Information Gathering Using OWASP Testing Guide v4 (Case Study : Udayana University SIMAK-NG Application)

  • Rasendriya Revo Daniswara, Information Technology Study Program, Faculty of Engineering, Udayana University
  • Gusti Made Arya Sasmita, Information Technology Study Program, Faculty of Engineering, Udayana University
  • I Putu Agus Eka Pratama, Information Technology Study Program, Faculty of Engineering, Udayana University

Abstract

Web applications are the most widely used platform for developing information systems. As web application technology grows, so does the associated risk, so a web application must be tested before it is launched to the public to make sure it has no risks or security issues. Penetration testing is a method for testing the security risk of a web application. The first step of a penetration test is testing for information gathering, which helps the tester learn the specification and vulnerabilities of the application. This study applies testing for information gathering to the Udayana University SIMAK-NG (Academic Information System) application using the OWASP Testing Guide Version 4 framework to determine whether the application has any security issues. Ten tests were performed, OTG-INFO-001 through OTG-INFO-010, and seven of them returned a positive result.

Published
2020-08-26
How to Cite
DANISWARA, Rasendriya Revo; SASMITA, Gusti Made Arya; PRATAMA, I Putu Agus Eka. The Testing for Information Gathering Using OWASP Testing Guide v4 (Case Study : Udayana University SIMAK-NG Application). JITTER : Jurnal Ilmiah Teknologi dan Komputer, [S.l.], v. 1, n. 1, p. 23-33, aug. 2020. ISSN 2747-1233. Available at: <https://ojs.unud.ac.id/index.php/jitter/article/view/63375>. Date accessed: 19 apr. 2024.
