Evaluation Security Web-Based Information System Application Using ISSAF Framework (Case Study: SIMAK-NG Udayana University)

Evaluasi Keamanan Aplikasi Sistem Informasi Berbasis Web Menggunakan Framework ISSAF (Studi Kasus: SIMAK-NG Universitas Udayana)

  • Ni Kade Mega Handayani Udayana
  • Gusti Made Arya Sasmita
  • Anak Agung Ketut Agung Cahyawan Wiranath

Abstract

Education is one of the fields that utilize information technology to support both academic and operational activities. A technology widely used in education is the web application. Web-based technology has weaknesses that can be exploited by attackers, so web-based systems need a good security guarantee to provide a sense of security for their users. Udayana University, as an educational organization, also uses a web-based application, known as SIMAK-NG. As a web-based system, SIMAK-NG needs a security test. The security test is carried out as a penetration test using the ISSAF framework. The penetration test based on the ISSAF framework consists of 9 stages, including information gathering, network mapping, vulnerability identification, penetration, gaining access and privilege escalation, enumerating further, maintaining access and covering tracks. SIMAK-NG penetration testing at the gap identification stage found several system vulnerabilities. The final results of testing at all stages of ISSAF at SIMAK-NG only found 11 vulnerabilities, including 3 medium-level vulnerabilities, 6 low-level vulnerabilities and 2 informational-level vulnerabilities. Vulnerabilities that were successfully tested are given recommendations for fixes to close them, so that no more vulnerabilities can be used by an attacker.

Published
2020-11-05
How to Cite
HANDAYANI, Ni Kade Mega; ARYA SASMITA, Gusti Made; WIRANATH, Anak Agung Ketut Agung Cahyawan. Evaluation Security Web-Based Information System Application Using ISSAF Framework (Case Study: SIMAK-NG Udayana University). JITTER : Jurnal Ilmiah Teknologi dan Komputer, [S.l.], v. 1, n. 2, p. 67-75, nov. 2020. ISSN 2747-1233. Available at: <https://ojs.unud.ac.id/index.php/jitter/article/view/65651>. Date accessed: 02 july 2024. doi: https://doi.org/10.24843/jitter.v1i2.65651.
