Versioning Catcher Software (VCS) untuk mendeteksi Sensitive Information File Versioning pada Linux Server

Versioning Catcher Software (VCS) To Detect Sensitive Information File Versioning on Linux Server

  • Rhenaldo Delfi Nugraha, Faculty of Information Technology, Informatics Engineering, Universitas Kristen Satya Wacana
  • Dian Widiyanto Chandra, Faculty of Information Technology, Universitas Kristen Satya Wacana
Keywords: server, OWASP, sensitive information, file versioning, information security

Abstract

Websites are a very popular medium for finding information. Building a website requires many component files, which are stored on the server. To minimize website hacking, security is needed on both the system side and the user side. Based on the OWASP Top 10, one vulnerability that commonly appears is the leakage of sensitive information through versioning files residing on the server. To minimize the leakage of sensitive information from this vulnerability, the authors created a program, Versioning Catcher Software (VCS), which detects the presence of these versioning files. The purpose of this research is to protect sensitive information on the server and prevent it from being leaked. The results of this research can be used to minimize server hacks that result from versioning files containing sensitive information not being handled immediately.


Published
2021-07-19
How to Cite
Nugraha, R., & Chandra, D. (2021). Versioning Catcher Software (VCS) untuk mendeteksi Sensitive Information File Versioning pada Linux Server. AITI, 18(1), 14-33. https://doi.org/10.24246/aiti.v18i1.14-33