scholarly journals Hybrid Computational Modeling for Web Application Security Assessment

2022 ◽  
Vol 70 (1) ◽  
pp. 469-489
Author(s):  
Adil Hussain Seh ◽  
Jehad F. Al-Amri ◽  
Ahmad F. Subahi ◽  
Md Tarique Jamal Ansari ◽  
Rajeev Kumar ◽  
...  
Keyword(s):  
Computational Modeling ◽  
Web Application ◽  
Security Assessment ◽  
Web Application Security ◽  
Application Security

Practical Web Application Security Audit Following Industry Standards and Compliance

2011 ◽  
pp. 259-279
Author(s):  
Shakeel Ali
Keyword(s):  
Web Application ◽  
Assessment Process ◽  
Security Assessment ◽  
Web Application Security ◽  
Application Security ◽  
Security Issues ◽  
Pci Dss ◽  
Industry Standards ◽  
Before And After ◽  
Security Standards

A rapidly changing face of internet threat landscape has posed remarkable challenges for security professionals to thwart their IT infrastructure by applying advanced defensive techniques, policies, and procedures. Today, nearly 80% of total applications are web-based and externally accessible depending on the organization policies. In many cases, number of security issues discovered not only depends on the system configuration but also the application space. Rationalizing security functions into the application is a common practice but assessing their level of resiliency requires structured and systematic approach to test the application against all possible threats before and after deployment. The application security assessment process and tools presented here are mainly focused and mapped with industry standards and compliance including PCI-DSS, ISO27001, GLBA, FISMA, SOX, and HIPAA, in order to assist the regulatory requirements. Additionally, to retain a defensive architecture, web application firewalls have been discussed and a map between well-established application security standards (WASC, SANS, OWASP) is prepared to represent a broad view of threat classification.

scholarly journals Analisis Keamanan Website dengan Information System Security Assessment Framework (Issaf) dan Open Web Application Security Project (Owasp) di Rumah Sakit Xyz

2021 ◽  
Vol 2 (4) ◽  
pp. 506-519
Author(s):  
Agus Rochman ◽  
Rizal Rohian Salam ◽  
Sandi Agus Maulana
Keyword(s):  
Information System ◽  
Web Application ◽  
Web Server ◽  
System Security ◽  
Security Assessment ◽  
Assessment Framework ◽  
Web Application Security ◽  
Application Security ◽  
Information System Security

Sistem keamanan komputer semakin dibutuhkan seiring dengan meningkatnya pengguna yang terhubung ke jaringan internet, hal ini dapat memicu terjadinya tindak kejahatan cyber oleh orang yang tidak bertanggung jawab. Penelitian ini dilakukan pada Sistem Informasi sebuah Rumah Sakit. Salah satunya web server untuk informasi HRD. Sistem ini berisikan data karyawan dan data absensi karyawan. Keamanan webserver biasanya merupakan masalah bagi administrator. Sering kali permasalahan tersebut terabaikan dan permasalahan dapat ditelusuri ketika terjadi bencana. Tanpa sistem keamanan yang baik, sehebat apapun teknologi sistem informasi akan membahayakan suatu instansi atau organisasi itu sendiri. Berdasarkan latar belakang tersebut, maka dibutuhkan evaluasi mengenai adanya celah keamanan (vulnerability) dan kelemahan dari website sistem informasi HRD.  Metode penelitian menggunakan Information System Security Assesment Framework dan Open Web Application Security Project dengan menggunakan tools nikto untuk mencari celah keamanan (vulnerability), owas zap dan sistem operasi menggunakan linux. Hasil Pengujian disimpulkan dapat menjadi solusi untuk mengatasi permasalahan terhadap kelemahan webserver Sistem Informasi HRD. Pengujian  sebaiknya dilakukan lebih dari 1 kali secara mendalam, melakukan proses maintenance terhadap hardware, software, maupun jaringan, melakukan filter port dan melakukan peningkatkan keamanan server secara berkala, baik dengan cara menggunakan antivirus original maupun scanning secara berkala.

scholarly journals A testing framework for Web application security assessment

2005 ◽  
Vol 48 (5) ◽  
pp. 739-761 ◽  
Author(s):  
Yao-Wen Huang ◽  
Chung-Hung Tsai ◽  
Tsung-Po Lin ◽  
Shih-Kun Huang ◽  
D.T. Lee ◽  
...  
Keyword(s):  
Web Application ◽  
Security Assessment ◽  
Web Application Security ◽  
Application Security ◽  
Testing Framework

scholarly journals Mendeteksi Kerentanan Keamanan Aplikasi Website Menggunakan Metode Owasp (Open Web Application Security Project) Untuk Penilaian Risk Rating

2019 ◽  
Vol 4 (4) ◽  
pp. 264
Author(s):  
Bahrun Ghozali ◽  
Kusrini Kusrini ◽  
Sudarmawan Sudarmawan
Keyword(s):  
Web Application ◽  
Security Assessment ◽  
Web Application Security ◽  
Code Review ◽  
Application Security ◽  
Risk Rating

Mendeteksi kerentanan keamanan aplikasi berbasis website adalah hal yang penting, dan dapat memperkirakan resiko yang ada terhadap keberlangsungan suatu bisnis.  Terjadinya transisi bisnis tradisional ke dalam lingkup aplikasi berbasis website dimanfaatkan oleh beberapa pelaku kejahatan dunia maya dengan tujuan mencuri informasi rahasia pengguna demi keuntungan pribadi. Walaupun para developer sudah mencari permasalahan keamanan dengan menggunakan code review atau uji penetrasi. Terkadang masalah tidak akan ditemukan hingga aplikasi sudah masuk tahap produksi bahkan hingga aplikasi sudah diretas. Penelitian ini akan menerapkan  mekanisme metode asesmen resiko pada sistem informasi harga komoditas utama yang dibangun oleh PT.Gitsolution. Dimana sistem tersebut merupakan informasi harga pokok untuk kehidupan sehari-hari yang dikelola oleh salah satu instansi pemerintah yang ada di Indonesia. Untuk mengetahui tingkat resiko pada sistem informasi harga komoditas utama menggunakan metode Open Web Application Security Project (OWASP) Risk Rating untuk mendeteksi kerentanan keamanan pada aplikasi berbasis website. Penelitian ini menghasilkan tingkat resiko pada aplikasi berbasis website.Kata kunci— Vulnerability – OWASP, Risk Rating, Security Assessment.

scholarly journals Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Operating Cycle ◽  
Web Application Security ◽  
Web Based ◽  
Business World ◽  
Application Security ◽  
Server Side ◽  
Combined Solution ◽  
Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.  

Sign in / Sign up

Export Citation Format

Share Document