Evaluation Security Web-Based Information System Application Using ISSAF Framework (Case Study: SIMAK-NG Udayana University)
Evaluasi Keamanan Aplikasi Sistem Informasi Berbasis Web Menggunakan Framework ISSAF (Studi Kasus: SIMAK-NG Universitas Udayana)
Abstract
Education is one of the fields that utilize information technology to support both academic and operational activities. Web application technology is widely used in education. Web-based technology has weaknesses that can be exploited by attackers. Web-based systems need good security assurance to give their users a sense of security. Udayana University, as an educational organization, also uses a web-based application, known as SIMAK-NG. As a web-based system, SIMAK-NG needs a security test. Security is tested with penetration tests, and the penetration tests follow the ISSAF framework. The penetration test based on the ISSAF framework consists of 9 stages, including information gathering, network mapping, vulnerability identification, penetration, gaining access and privilege escalation, enumerating further, maintaining access, and covering tracks. The results of SIMAK-NG penetration testing at the gap identification stage found several system vulnerabilities. The final results of testing at all stages of ISSAF at SIMAK-NG found only 11 vulnerabilities, including 3 medium-level vulnerabilities, 6 low-level vulnerabilities and 2 informational-level vulnerabilities. Vulnerabilities that are successfully tested are given recommendations for fixes to close them so that no more vulnerabilities can be used by an attacker.