Versioning Catcher Software (VCS) To Detect Sensitive Information File Versioning on Linux Server
DOI: https://doi.org/10.24246/aiti.v18i1.14-33
Keywords: server, OWASP, sensitive information, file versioning, information security
Abstract
Websites are a very popular medium for finding information. Building a website requires many component files, which are stored on the server. To minimize website hacking, security is needed on both the system side and the user side. According to the OWASP Top 10, one vulnerability that commonly appears is the leakage of sensitive information due to versioning files residing on the server. To minimize the leakage of sensitive information from this vulnerability, the authors created a program, Versioning Catcher Software (VCS), which detects the presence of these versioning files. The purpose of this research is to protect sensitive information on the server and prevent it from being leaked. The results of this research can be used to minimize server hacks that result from versioning files containing sensitive information not being handled immediately.
All articles published in AITI: Jurnal Teknologi Informasi are licensed under a Creative Commons Attribution 4.0 International License.