Security Audit for Vulnerability Detection and Mitigation of UPT Integrated Laboratory (ILab) ITERA Website Based on OWASP Zed Attack Proxy (ZAP)
Abstract
Information technology now has many effects, both positive and negative, on comfort. One of the negative effects is high-level security attacks that can exploit various vulnerabilities and loopholes. Vulnerability testing (a security audit) is therefore necessary to identify and address the vulnerabilities and the risks they raise. The subject of this audit is the website of the UPT Integrated Laboratory (ILab) ITERA (ilab.itera.ac.id), which is maintained by the UPT at the University of Technology Sumatra. This website contains all information about the labs of the University of Technology of Sumatra. The security audit was performed using the OWASP ZAP tool. A security check of ilab.itera.ac.id produced the following results: high priority alerts: 1 vulnerability; medium priority alerts: 3 vulnerabilities; low priority alerts: 7 vulnerabilities; and informational alerts: 3 vulnerabilities.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors submitting a manuscript do so on the understanding that, if it is accepted for publication, copyright of the article shall be assigned to JTIK journal and Research Division, KITA Institute as the publisher of the journal. Copyright encompasses the rights to reproduce and deliver the article in all forms and media, including reprints, photographs, microfilms, and any other similar reproductions, as well as translations.
JTIK journal and Research Division, KITA Institute and the Editors make every effort to ensure that no wrong or misleading data, opinions or statements are published in the journal. In any case, the contents of the articles and advertisements published in JTIK journal are the sole and exclusive responsibility of their respective authors and advertisers.
The Copyright Transfer Form can be downloaded here: [Copyright Transfer Form JTIK]. The signed original of the copyright form should be sent to the Editorial Office by original mail, as a scanned document, or by fax:
Muhammad Wali (Editor-in-Chief)
Editorial Office of Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi)
Research Division, KITA Institute
Teuku Nyak Arief Street Nomor : 7b, Lamnyong, Lamgugop, Kota Banda Aceh
Telp./Fax: 0651-8070141
Email: jtik@lembagakita.org - journal@lembagakita.org