Security vulnerability testing of web-based applications using the Vulnerability Assessment method

Authors

  • Rissal Efendi Faculty of Information Technology, Satya Wacana Christian University
  • Teguh Wahyono Faculty of Information Technology, Satya Wacana Christian University
  • Indrastanti R. Widiasari Faculty of Information Technology, Satya Wacana Christian University

DOI:

https://doi.org/10.24246/aiti.v21i1.44-57

Keywords:

Vulnerability assessment, Greenbone, security

Abstract

Vulnerability assessment is a process for finding security gaps in a system that can cause information technology processes to fail. A vulnerability assessment has three main stages, namely information collection, assessment, and exploit, carried out here using the Greenbone OpenVAS tool with a Full Scan template on the object and several credentials provided by a website. The vulnerability assessment found five vulnerabilities on the assets: 0 at critical risk, 2 at high risk, 2 at medium risk, and 1 at low risk. Based on the vulnerability analysis of the website and the results of identity verification, it was concluded that the website had a few weaknesses and vulnerabilities that need to be fixed to maintain the security and quality of the website. Corrective actions on the website configuration need to be taken, such as setting cookies, SSL, HTTP headers, and others. The SSL/TLS service does not properly limit renegotiation, making it easier for attackers to carry out Denial of Service attacks by performing many renegotiations within one connection.

Published

2024-04-02

How to Cite

[1]
R. Efendi, T. Wahyono, and I. R. Widiasari, “Uji kerentanan keamanan pada aplikasi berbasis web menggunakan metode Vulnerability Assessment”, AITI, vol. 21, no. 1, pp. 44–57, Apr. 2024.

Section

Articles