The Testing for Information Gathering Using OWASP Testing Guide v4 (Case Study : Udayana University SIMAK-NG Application)
Abstract
Web applications are the most widely used platform for developing information systems. The growth of web application technology is matched by growth in risk, so a web application must be tested before it is launched to the public to make sure it has no security issues. Penetration testing is a method for testing the security risk of a web application. The first step of a penetration test is testing for information gathering, which helps the tester learn the specification and vulnerabilities of the application. This study applies testing for information gathering to the Udayana University SIMAK-NG (Academic Information System) application using the OWASP Testing Guide Version 4 framework, to find out whether the application has any security issues. Ten items were tested, OTG-INFO-001 through OTG-INFO-010, and seven of the tests returned a positive value.