Penetration Testing on the SISAKTI Application at Udayana University Using the OWASP Testing Guide Version 4

  • Reyhan Todo Noer Yamin Universitas Udayana
  • I Made Agus Dwi Suarjaya Universitas Udayana
  • I Putu Agus Eka Pratama Universitas Udayana

Abstract

SISAKTI application is an information system to facilitate online administration of Udayana University student participation credit units. Until now, there has been no security testing carried out on the SISAKTI application, therefore this study aimed to test the security of  SISAKTI application using Black Box penetration testing technique, conduct an assessment of system vulnerabilities and provide recommendations for improvements. The method used is by following the guidelines from OWASP Testing Guide version 4 using Information Gathering, Input Validation Testing, and Authorization Testing modules. From these three modules, there were 28 sub-tests that were successfully carried out, the results were 15 positive tests, 6 negative tests, and 7 tests which cannot be done, from the 28 sub-tests there are 8 vulnerabilities that have a direct effect on the system and are assessed using CVSS calculator, the results are 6 vulnerabilities have a vulnerable value from 6.4 (Medium) to 9.9 (Critical).

Published
2022-12-28
How to Cite
YAMIN, Reyhan Todo Noer; SUARJAYA, I Made Agus Dwi; PRATAMA, I Putu Agus Eka. Penetration Testing on the SISAKTI Application at Udayana University Using the OWASP Testing Guide Version 4. Jurnal Ilmiah Merpati (Menara Penelitian Akademika Teknologi Informasi), [S.l.], v. 10, n. 3, p. 155-166, dec. 2022. ISSN 2685-2411. Available at: <https://ojs.unud.ac.id/index.php/merpati/article/view/94365>. Date accessed: 13 nov. 2024. doi: https://doi.org/10.24843/JIM.2022.v10.i03.p04.

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.