Improving Webserver Security for Local Tax Reporting Applications Using Standard Penetration Testing Execution Methods

Author(s): Yosua Ade Pohan, Yuhandri Yunus, S Sumijan

The Regional Tax Reporting Application Webserver is one of the public services through which taxpayers report their sales transactions. The application is reachable on the domain http://sptpd.payakumbuhkota.go.id. Because the application is public, the principles of information security must be applied to prevent cyber attacks. These principles comprise confidentiality, integrity, and availability. Applying them requires a vulnerability assessment of the application webserver. This study aims to improve the security of the application webserver so that the data and information it holds are secure. The method used in this study is the Penetration Testing Execution Standard, a method developed by the Pentest Organization to serve as a standard for analyzing or auditing security systems. Vulnerability testing with the Acunetix, Nikto, Burp Suite and OWASP software found seven types of vulnerabilities, namely: X-Frame-Options Header Missing, CSRF Attack, Cookie Without Only Flash, DNS Vulnerability, DDoS Attack, Brute Force Page Login and Open Port. These vulnerabilities can be exploited, and the application's overall vulnerability level falls in the medium category. The recommendations for fixing the vulnerabilities can be applied by the developer; after the repairs were made, the vulnerability level of the application webserver was in the low category and only one type of vulnerability remained, namely Brute Force Page Login.


2020, Vol 72 (4), pp. 162-167
Author(s): S.A. Adiljanova, G.A. Tulepberdinova, M.J. Sakypbekova, N.A. Tekesbayeva, ...

The article discusses the possibility of modifying the genetic algorithm (GA) to solve the problems of selecting, optimizing and managing the dynamic configuration of information security means for the security chain of information and communication systems (ICS). The scientific novelty of the work lies in the fact that the GA uses the total cost of information loss risks, together with cost indicators for each class of information security system, as the criterion for optimizing the composition of the information security system. The genetic algorithm is treated as a multiple-choice problem when optimizing the selection of information security content and solving problems of dynamic management of cybersecurity resources. In this concept, optimizing the placement of the information security system along the security chain is treated as a modification of the combined knapsack problem. The proposed approach not only allows various versions of software and hardware information systems and their combinations for ICS to be calculated quickly, but also allows the proposed algorithm to be managed dynamically together with existing models and algorithms for optimizing the composition of ICS cybersecurity chains and the cybersecurity resources of various information objects. Such a combination of models and algorithms may quickly restore ICS protection by configuring profiles in accordance with the classes of new threats and cyber attacks.


2018, Vol 2 (4-2), pp. 360
Author(s): Deni Satria, Alde Alanda, Aldo Erianda, Deddy Prayama

The development of information technology is a new challenge for computer network security systems and the information they contain, yet awareness of the importance of network security systems is still very low. According to a survey conducted by Symantec on the desire to renew an existing security system within a year, only 13% of respondents out of 3,300 companies worldwide considered changes to the security system to be important. This lack of awareness results in security holes that crackers can use to enter and disrupt the stability of the system. Cyber attacks increase significantly every year, so the security of existing systems needs to be improved every year. A method is therefore needed to periodically assess system and network security using penetration testing, in order to discover any vulnerabilities that exist on the network and on a system, increase security, and minimize theft or loss of important data. Testing was carried out using the internal network penetration testing method with 5 types of attacks. The test results show that each system has a security risk of 20-80%. From these results it can be concluded that each system has a security vulnerability that can be attacked.


2020, pp. 98-126
Author(s): Gaganjot Kaur Saini, Malka N. Halgamuge, Pallavi Sharma, James Stephen Purkis

Research questions remain to be answered about how security could be provided for different resources, such as data, devices, and networks. Most organizations compromise their security measures due to high budgets, despite security's primary importance in today's highly dependent cyber world, and as a result there are always loopholes in security systems that cybercriminals take advantage of. In this chapter, the authors analyze data obtained from 31 peer-reviewed scientific research studies (2009-2017) describing cybersecurity issues and solutions. The results demonstrated that the majority of applications in this area are from the government and public sector (17%), whereas transportation and other areas account for a minor percentage (6%). This study determined that the government sector is the main application area in cybersecurity and is more susceptible to cyber-attacks, whereas the wireless sensor network and healthcare areas are less exposed to attack.


2022, Vol 7 (1), pp. 520
Author(s): Wasis Wardana, Ahmad Almaarif, Adityas Widjajarto

The website has become an effective communication tool. However, it is essential to perform vulnerability assessment and penetration testing, using specific standards, on websites released to the public in order to secure their information. The problems addressed in this research are conducting vulnerability testing on the XYZ website to analyze its security gaps, and conducting penetration testing on the high-severity vulnerabilities found. Testing was conducted using the NIST 800-115 standard through 4 main stages: planning, discovery, attack, and report. Several tools were used: Nmap, OWASP ZAP, Burp Suite, and Foxy Proxy. The results of this research are presented and analyzed. Seven vulnerabilities were found: one high-level vulnerability, two medium-level vulnerabilities, and four low-level vulnerabilities. At the high level, SQL Injection was found; at the medium level, Cross-Domain Misconfiguration and vulnerabilities were found; at the low level, Absence of Anti-CSRF Tokens, Incomplete or No Cache-control and Pragma HTTP Header Set, Server Leaks Information via "X-Powered-By" HTTP Response Header Field, and X-Content-Type-Options Header Missing were found.


2017, Vol 5 (1), pp. 8-15
Author(s): Sergii Hilgurt
Multi-pattern matching is a fundamental technique found in applications such as network intrusion detection systems, anti-virus, anti-worm and other signature-based information security tools. Due to rising traffic rates, the increasing number and sophistication of attacks and the collapse of Moore's law, traditional software solutions can no longer keep up. Therefore, developers frequently use hardware approaches to accelerate pattern matching. Reconfigurable FPGA-based devices, which provide the flexibility of software with near-ASIC performance, have become increasingly popular for this purpose. Hence, increasing the efficiency of reconfigurable information security tools is now a scientific issue. Many different approaches to constructing hardware matching circuits on FPGAs are known. The most widely used are based on discrete comparators, hash functions and finite automata. Each approach has its own pros and cons, and none of them has yet become the leading one. In this paper, a method that combines several different approaches to reinforce their advantages has been developed. An analytical technique to quickly estimate in advance the resource costs of each matching scheme, without needing to compile an FPGA project, has been proposed. It allows optimization procedures to be applied to split the set of patterns near-optimally between the different approaches in acceptable time.


2021, Vol 13 (12), pp. 6750
Author(s): Andreja Mihailović, Julija Cerović Smolović, Ivan Radević, Neli Rašović, Nikola Martinović

The main idea of this research is to examine how teleworking has affected employee perceptions of organizational efficiency and cybersecurity before and during the COVID-19 pandemic. The research is based on an analytical and empirical approach. Its starting point is a critical and comprehensive analysis of the relevant literature on the efficiency of organizations under teleworking, digital information security, and cyber risk management. The quantitative approach is based on designing a structural equation model (SEM) on a sample of 1101 respondents from the category of employees in Montenegro. Within the model, we simultaneously examine the impact of their perceptions of the risks of teleworking, changes in cyber-attacks during teleworking, organizations' capacity to respond to cyber-attacks, key challenges in achieving an adequate response to cyber-attacks, and perceptions of key challenges related to cybersecurity. The empirical aspects of our study involve constructing latent variables that correspond to different elements of employee perception, namely their perception of organizational efficiency and the extent to which the digital information security of their organizations was threatened while teleworking during the pandemic.

