Versioning Catcher Software (VCS) untuk mendeteksi Sensitive Information File Versioning pada Linux Server

Versioning Catcher Software (VCS) To Detect Sensitive Information File Versioning on Linux Server

Authors

  • Rhenaldo Delfi Nugraha Fakultas Teknologi Informasi, Teknik Informatika, Universitas Kristen Satya Wacana
  • Dian Widiyanto Chandra Fakultas Teknologi Informasi Universitas Kristen Satya Wacana

DOI:

https://doi.org/10.24246/aiti.v18i1.14-33

Keywords:

server, OWASP, sensitive information, file versioning, information security

Abstract

Websites are a very popular medium for finding information. Building a website requires many component files, which are stored on the server. To minimize website hacking, security is needed on both the system side and the user side. Based on the OWASP Top 10, one of the vulnerabilities that commonly appears is the leakage of sensitive information through versioning files residing on the server. To minimize the leakage of sensitive information through this vulnerability, the authors created Versioning Catcher Software (VCS), a program that detects the presence of these versioning files. The purpose of this research is to protect sensitive information on the server and prevent it from being leaked. The results of this research can be used to minimize server hacks that result from versioning files containing sensitive information not being handled immediately.

Published

2021-07-19

How to Cite

[1]
R. D. Nugraha and D. W. Chandra, “Versioning Catcher Software (VCS) untuk mendeteksi Sensitive Information File Versioning pada Linux Server: Versioning Catcher Software (VCS) To Detect Sensitive Information File Versioning on Linux Server”, AITI, vol. 18, no. 1, pp. 14–33, Jul. 2021.

Section

Articles
