scholarly journals Analisis Keamanan Sistem Informasi Berbasis Website Dengan Metode Open Web Application Security Project (OWASP) Versi 4: Systematic Review

2020 ◽  
Vol 5 (2) ◽  
pp. 185
Author(s):  
Anggi Elanda ◽  
Robby Lintang Buana
Keyword(s):  
Systematic Review ◽  
Information System ◽  
Web Application ◽  
Web Server ◽  
Security Level ◽  
Web Application Security ◽  
Web Based ◽  
Non Profit ◽  
Application Security

Abstract -- OWASP (Open Web Application Security Project) version 4 issued by a non-profit organization called owasp.org which is dedicated to the security of web-based applications. This systematic review is intended to review whether the Open Web Application Security Project (OWASP) method is widely used to detect security in a website-based Information System. In this systematic review, we review 3 literature from several publisher sources and make a comparison regarding OWASP version 4 results and the security level of a web server from the publisher's source.Keywords— OWASP, Website Vulnerability, Website Security Detection

scholarly journals Analisis Keamanan Website dengan Information System Security Assessment Framework (Issaf) dan Open Web Application Security Project (Owasp) di Rumah Sakit Xyz

2021 ◽  
Vol 2 (4) ◽  
pp. 506-519
Author(s):  
Agus Rochman ◽  
Rizal Rohian Salam ◽  
Sandi Agus Maulana
Keyword(s):  
Information System ◽  
Web Application ◽  
Web Server ◽  
System Security ◽  
Security Assessment ◽  
Assessment Framework ◽  
Web Application Security ◽  
Application Security ◽  
Information System Security

Sistem keamanan komputer semakin dibutuhkan seiring dengan meningkatnya pengguna yang terhubung ke jaringan internet, hal ini dapat memicu terjadinya tindak kejahatan cyber oleh orang yang tidak bertanggung jawab. Penelitian ini dilakukan pada Sistem Informasi sebuah Rumah Sakit. Salah satunya web server untuk informasi HRD. Sistem ini berisikan data karyawan dan data absensi karyawan. Keamanan webserver biasanya merupakan masalah bagi administrator. Sering kali permasalahan tersebut terabaikan dan permasalahan dapat ditelusuri ketika terjadi bencana. Tanpa sistem keamanan yang baik, sehebat apapun teknologi sistem informasi akan membahayakan suatu instansi atau organisasi itu sendiri. Berdasarkan latar belakang tersebut, maka dibutuhkan evaluasi mengenai adanya celah keamanan (vulnerability) dan kelemahan dari website sistem informasi HRD.  Metode penelitian menggunakan Information System Security Assesment Framework dan Open Web Application Security Project dengan menggunakan tools nikto untuk mencari celah keamanan (vulnerability), owas zap dan sistem operasi menggunakan linux. Hasil Pengujian disimpulkan dapat menjadi solusi untuk mengatasi permasalahan terhadap kelemahan webserver Sistem Informasi HRD. Pengujian  sebaiknya dilakukan lebih dari 1 kali secara mendalam, melakukan proses maintenance terhadap hardware, software, maupun jaringan, melakukan filter port dan melakukan peningkatkan keamanan server secara berkala, baik dengan cara menggunakan antivirus original maupun scanning secara berkala.

scholarly journals Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Operating Cycle ◽  
Web Application Security ◽  
Web Based ◽  
Business World ◽  
Application Security ◽  
Server Side ◽  
Combined Solution ◽  
Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.  

scholarly journals Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP)

2021 ◽  
Vol 18 (1) ◽  
pp. 77-86
Author(s):  
Syarif Hidayatulloh ◽  
Desky Saptadiaji
Keyword(s):  
Web Application ◽  
Web Server ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security

Universitas ARS adalah perguruan tinggi yang memanfaatkan website dalam melakukan kegiatan perkuliahannya. Seluruh informasi yang berkaitan dengan perkuliahan dimuat di website Universitas ARS. Banyak resiko yang akan terjadi apabila web server yang digunakan oleh website Universitas ARS tidak memiliki keamanan yang baik, banyak ancaman dari pihak yang tidak bertanggung jawab memanfaatkan celah keamanan untuk merugikan Universitas ARS. Tujuan penelitian ini adalah melakukan identifikasi kerentanan yang terdapat dalam website Universitas ARS dan melakukan pengujian serta analisis untuk mengetahui kondisi kerentanan website Universitas ARS menggunakan OWASP. Metode penelitian yang digunakan sebagai parameter keamanan website adalah OWASP Top-10 2017. Jumlah subdomain yang diuji adalah 5 subdomain yang teridentifikasi dengan melakukan scanning menggunakan tool TheHarvester diantaranya adalah https://universitas.ars.ac.id, http://mahasiswa.ars.ac.id, https://pmb.ars.ac.id, https://beasiswa.ars.ac.id, dan http://ejurnal.ars.ac.id. Hasil dari penelitian ini adalah ditemukannya kerentanan website Universitas ARS yang berhasil dipindai adalah 13 kerentanan. Dari 13 kerentanan tersebut ada 1 kerentanan yang berada pada tingkat ancaman yang sedang dan 12 berada pada tingkat ancaman yang rendah.   Berdasarkan seluruh pengujian kerentanan yang dilakukan dapat disimpulkan bahwa website Universitas ARS memiliki keamanan yang sangat baik, memenuhi ketiga aspek keamanan informasi, memiliki web server dan software sistem informasi akademik yang aman.

Countering Cross-Site Scripting in Web-based Applications

2015 ◽  
Vol 6 (1) ◽  
pp. 57-68 ◽  
Author(s):  
Loye Lynn Ray
Keyword(s):  
Web Sites ◽  
Web Application ◽  
Information Source ◽  
Web Application Security ◽  
Web Based ◽  
Application Security ◽  
Dynamic Web ◽  
Web Vulnerabilities ◽  
Cross Site

Today's dynamic web-based applications have become a normal and critical asset to an organizations business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS) and one of the Open Web Application Security project (OWASP) top ten web-threats. XSS occurs when a Web-based application allows untrusted information be accepted and sent back to a browser. Also they can execute scripts within a browser that can deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem was the lack of developers understanding the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defense against these threats.

Systematic review of web application security development model

2013 ◽  
Vol 43 (2) ◽  
pp. 259-276 ◽  
Author(s):  
Bala Musa Shuaibu ◽  
Norita Md Norwawi ◽  
Mohd Hasan Selamat ◽  
Abdulkareem Al-Alwani
Keyword(s):  
Systematic Review ◽  
Web Application ◽  
Development Model ◽  
Web Application Security ◽  
Application Security

scholarly journals Systematic Review of Web Application Security Vulnerabilities Detection Methods

2015 ◽  
Vol 03 (09) ◽  
pp. 28-40 ◽  
Author(s):  
Sajjad Rafique ◽  
Mamoona Humayun ◽  
Zartasha Gul ◽  
Ansar Abbas ◽  
Hasan Javed
Keyword(s):  
Systematic Review ◽  
Web Application ◽  
Detection Methods ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security

scholarly journals Web Application Penetration Testing Using SQL Injection Attack

2021 ◽  
Vol 5 (3) ◽  
pp. 320
Author(s):  
Alde Alanda ◽  
Deni Satria ◽  
M.Isthofa Ardhana ◽  
Andi Ahmad Dahlan ◽  
Hanriyawan Adnan Mooduto
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Rapid Development ◽  
Security Level ◽  
Sensitive Information ◽  
Sql Injection ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security ◽  
Sql Injection Attack

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.

Countering Cross-Site Scripting in Web-Based Applications

2018 ◽  
pp. 370-383
Author(s):  
Loye Lynn Ray
Keyword(s):  
Web Sites ◽  
Web Application ◽  
Information Source ◽  
Web Application Security ◽  
Web Based ◽  
Application Security ◽  
Dynamic Web ◽  
Web Vulnerabilities ◽  
Cross Site

Today's dynamic web-based applications have become a normal and critical asset to an organizations business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS) and one of the Open Web Application Security project (OWASP) top ten web-threats. XSS occurs when a Web-based application allows untrusted information be accepted and sent back to a browser. Also they can execute scripts within a browser that can deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem was the lack of developers understanding the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defense against these threats.

scholarly journals Analisis Kualitas Keamanan Sistem Informasi E-Office Berbasis Website Pada STMIK Rosma Dengan Menggunakan OWASP Top 10

2021 ◽  
Vol 6 (2) ◽  
pp. 185
Author(s):  
Yudiana Yudiana ◽  
Anggi Elanda ◽  
Robby Lintang Buana
Keyword(s):  
Web Application ◽  
Web Application Security ◽  
Non Profit ◽  
Application Security

STMIK ROSMA Karawang telah menerapkan pengarsipan dokumen surat di kampus, yang mana kesemuanya diatur secara daring (online) menggunakan sistem informasi e-office berbasis web. Sejak tahun 2020, Sistem Informasi e-office beberapa kali mengalami pengembangan dari sisi fitur yaitu fitur booking nomor surat dengan metode multiple insert query maupun data yang disimpan. Data tersebut menyimpan data dokumen surat baik itu surat masuk, surat keputusan, surat keuangan, surat keluar ketua, surat keluar wakil ketua dan surat keluar akademik STMIK ROSMA. Mengingat pentingnya data yang tersimpan maka perlu diterapkan pengujian keamanan dari sistem informasi e-office. Pengujian keamanan tersebut dilakukan untuk mengetahui tingkat kerentanan agar terhindar dari pihak yang tidak bertanggung jawab. Salah satu metode untuk menguji sistem informasi berbasis web adalah metode OWASP (Open Web Application Security Project) TOP 10 yang dikeluarkan oleh owasp.org sebuah organisasi non profit yang berdedikasi pada keamanan aplikasi berbasis web. Hasil pengujian menggunakan OWASP TOP 10 menunjukkan 10 kerentanan yang sering terjadi terhadap sistem informasi berbasis website sehingga perlu dilakukan perbaikan lebih lanjut oleh pihak pengembang sistem informasi e-office STMIK ROSMA.

Sign in / Sign up

Export Citation Format

Share Document