Analisis Kerentanan Pada Domain Repository Unjaya Menggunakan Kerangka Information System Security Assessment Framework (ISAFF)
Abstract
Vulnerability analysis on the Unjaya Repository website uses the ISSAF method for identifying and grouping identified vulnerabilities.. The purpose is to provide an in-depth understanding of the vulnerabilities that exist on the Repository site as a basis for the corrective steps needed to reduce security risks. The methods are information gathering, network mapping, vulnerability exposure, vulnerability grouping, IP addresses, active ports. Scanning using Nikto Scanner and Helium Security, 24 vulnerabilities detected in four levels, namely high, medium, low and informational. The results found at a high level of vulnerability in the form of disclosure of PII, at a medium level such as the absence of an Anti-CSRF Token, at a low level such as Application Error Disclosure, and at an information level such as Authentication Request Identified. This proves that there is a significant potential risk to the security of the Unjaya Repository site.
References
Asosias Penyelenggara Jasa Internet Indonesia,” apjii.or.id. Available : iiiiiiiii http://www.apjii.or.id/v2/read/page/halaman-data/9/statistik.html (accessed Feb. 26, 2024).
S. Hidayatulloh And D. Saptadiaji, “Penetration Testing Pada Website Universitas Ars Menggunakan Open Web Application Security Project (Owasp),” J. Algoritm., Vol. 18, No. 1, Pp. 77–86, 2021, Doi: 10.33364/Algoritma/V.18-1.827.
I. G. A. S. Sanjaya, G. M. A. Sasmita, And D. M. S. Arsa, “Evaluasi Keamanan Website Lembaga X Melalui Penetration Testing Menggunakan Framework Issaf,” J. Ilm. Merpati (Menara Penelit. Akad. Teknol. Informasi), Vol. 8, No. 2, P. 113, 2020, Doi: 10.24843/Jim.2020.V08.I02.P05.
A. Rochman, rizal R. Salam, and S. A. Maulana, “Analisis Keamanan Website dengan Information System Security Assessment Framework (Issaf) dan Open Web Application Security Project (Owasp) di Rumah Sakit Xyz,” Jurnal Indonesia Sosial Teknologi, vol. 2, no. 04, pp. 506–519, Apr. 2021, doi: https://doi.org/10.59141/jist.v2i04.124.
M. A. Nabila, P. E. Mas’udia, And R. Saptono, “Analysis And Implementation Of The Issaf Framework On Osstmm On Website Security Vulnerabilities Testing In Polinema,” Jartel, Vol. 13, No. 1, 2023, Doi: 10.33795/Jartel.V13i1.511.
G. Guntoro, L. Costaner, and M. Musfawati, “Analisis Keamanan Web Server Open Journal System (OJS) Menggunakan Metode ISSAF dan OWASP (Studi Kasus OJS Universitas Lancang Kuning),” JIPI (Jurnal Ilmiah Penelitian dan Pembelajaran Informatika), vol. 5, no. 1, p. 45, Jun. 2020, doi: https://doi.org/10.29100/jipi.v5i1.1565.
H. Herman, I. Riadi, Y. Kurniawan, And I. A. Rafiq, “Analisis Keamanan Website Menggunakan Information System Security Asessment Framework(Issaf),” J. Teknol. Inform. Dan Komput., Vol. 9, No. 1, Pp. 126–136, 2023, Doi: 10.37012/Jtik.V9i1.1439.
R. Umar, I. Riadi, M. Ihya, And A. Elfatiha, “Analisis Keamanan Sistem Informasi Akademik Berbasis Web Menggunakan Framework Issaf,” Jutisi J. Ilm. Tek. Inform. Dan Sist. Inf., Vol. 12, No. 1, Pp. 280–292, 2023.
Dan S. A. M. Agus Rochman, Rizal Rohian Salam, “Analisis Keamanan Website Dengan Information System Security Assessment Framework (Issaf) Dan Open Web Application Security Project (Owasp) Di Rumah Sakit Xyz,” vol. 2, no. 4, p. 6, 2021.
N. Karangle, A. K. Mishra, and D. A. Khan, “Comparison of Nikto and Uniscan for measuring URL vulnerability,” 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Jul. 2019, doi: https://doi.org/10.1109/icccnt45670.2019.8944463.
Erik Andri Budiman and Girindro Pringgo Digdo, “Perancangan Fitur Audit Security Configuration Compliance Pada Aplikasi Helium Security,” Indonesian Journal Computer Science, vol. 2, no. 2, pp. 67–76, Oct. 2023, doi: https://doi.org/10.31294/ijcs.v2i2.2481.
S. Eko Prasetyo and N. Hassanah, “Analisis Keamanan Website Universitas Internasional Batam Menggunakan Metode ISSAF,” JURNAL ILMIAH INFORMATIKA, vol. 9, no. 02, pp. 82–86, Sep. 2021, doi: https://doi.org/10.33884/jif.v9i02.3758.
A. Ahmad Aji Guntur Saputra, “Scanning Website menggunakan Zenmap,” Scanning Website menggunakan Zenmap, Apr. 2020, Accessed: Feb. 26, 2024. [Online]. Available: http://edocs.ilkom.unsri.ac.id/3872/