Security Analysis of the SMAN 1 Sumbawa Website Using the Vulnerability Assessment Method (ANALISIS KEAMANAN WEBSITE SMAN 1 SUMBAWA MENGGUNAKAN METODE VULNERABILITY ASESEMENT)

2021 ◽  
Vol 3 (3) ◽  
pp. 394-400
Author(s):  
Yudi Mulyanto ◽  
Eka Haryanti ◽  
Jumirah Jumirah

SMAN 1 Sumbawa is a school that provides information to students through a website-based information system to facilitate school administration services. Because the website is widely accessible, its security needs attention. One way to address this is the Vulnerability Assessment method, which tests a website or application for vulnerabilities that could expose it to attack and consists of several stages such as Network Discovering, Vulnerability Scanning, and Result Analysis. These stages aim to identify security holes on the SMAN 1 Sumbawa website. The tests carried out identified four levels of vulnerability on the SMAN 1 Sumbawa website: high, medium, low, and informational. The high-level vulnerability found is SQL Injection, which makes it easy for attackers to access the entire database. The test results show that the SMAN 1 Sumbawa website has many vulnerabilities and is still in an unsafe state.

2022 ◽  
Vol 7 (1) ◽  
pp. 520
Author(s):  
Wasis Wardana ◽  
Ahmad Almaarif ◽  
Adityas Widjajarto

Currently, websites have become an effective communication tool. However, to secure information, it is essential to perform vulnerability assessment and penetration testing against specific standards on websites released to the public. This research conducts vulnerability testing on the XYZ website to analyze its security gaps, and conducts penetration testing on the high-level vulnerabilities found. Testing was conducted using the NIST 800-115 Standard through 4 main stages: planning, discovery, attack, and report. Several tools were used: Nmap, OWASP ZAP, Burp Suite, and Foxy Proxy. The research results are presented and analyzed. Seven vulnerabilities were found: one high-level vulnerability, two medium-level vulnerabilities, and four low-level vulnerabilities. At the high level, SQL Injection was found; at the medium level, Cross-Domains Misconfiguration and vulnerabilities were found; at the low level, Absence of Anti-CSRF Tokens, Incomplete or No Cache-control and Pragma HTTP Header Set, Server Leaks Information via “X-Powered-By” HTTP Response Header Field, and X-Content-Type-Options Header Missing were found.


Telecom IT ◽  
2019 ◽  
Vol 7 (4) ◽  
pp. 50-58
Author(s):  
M. Buinevich ◽  
P. Kurta

Research subject. Information interaction of the user with the information system. Objective. Improving the efficiency of user interaction with the information system to solve the main problem by customizing its interface and work script. Core results. The proposed scientific research methodology is aimed at achieving the goal and consists of 3 steps. As a result of each of them, the following main scientific results are expected to be obtained: interaction model, interaction assessment method, interaction optimization method. Specific scientific results are also expected: the classification of the disadvantages of interaction, the influence of its parameters on the final efficiency, and the architecture of the interface and scenario optimization system. Main conclusions. The proposed research scheme is scientifically correct and allows full-fledged scientific research to be conducted and the goal of the work to be achieved. As a result, a method and a software tool will be developed that will make it possible to adjust a specific interface and a scenario for its work according to its own performance criteria (potency, operativeness and resource efficiency); at the same time, the general logic of solving the problem by the information system will remain unchanged.


2022 ◽  
Vol 1 (13) ◽  
pp. 80-92
Author(s):  
Nguyễn Mạnh Thiên ◽  
Phạm Đăng Khoa ◽  
Nguyễn Đức Vượng ◽  
Nguyễn Việt Hùng

Summary: Currently, the task of assessing the information security of information systems plays an important role in ensuring information security. Vulnerability assessment/exploitation needs to be performed regularly and at many different levels for information systems. However, this task faces many difficulties in wide-scale deployment due to a shortage of qualified testing experts at the different levels. In this paper, we present research on developing a Framework that can automatically gather information and automatically select the code to exploit the target, based on reinforcement learning. In addition, the Framework can be quickly updated with new vulnerability exploitation methods, and it supports staff who are responsible for information systems but are not security experts in automatically assessing their own systems, in order to reduce the risk from cyberattacks.

Abstract: Currently, security assessment is one of the most important problems in information security. Vulnerability assessment/exploitation should be performed regularly with different levels of complexity for each information system. However, this task is facing many difficulties in large-scale deployment due to the lack of experienced testing experts. In this paper, we propose a Framework that can automatically gather information and automatically select a suitable module to exploit the target based on reinforcement learning technology. Furthermore, our framework has integrated many scanning and exploitation tools that help pentesters do their work. It can also be easily updated with new vulnerability exploitation techniques.


2020 ◽  
Vol 7 (4) ◽  
pp. 853
Author(s):  
Imam Riadi ◽  
Anton Yudhana ◽  
Yunanri W

Abstract: The Open Journal System (OJS) is software that functions as a means of scientific publication and is used throughout the world. An OJS that is not monitored is at risk of being attacked by hackers. Vulnerabilities caused by hackers will adversely affect the performance of an OJS. The problems faced by the OJS system include the network, port discovery, and the OJS system exploit audit process. The system audit process on the OJS covers SQL Injection, bypassing the firewall, and password cracking. The input parameters used are the IP address and open access port. The method used is vulnerability assessment, which consists of several stages such as information gathering or footprinting, vulnerability scanning, and reporting. This activity aims to identify security holes on the Open Journal System (OJS) website. This study uses the Open Web Application Security Project (OWASP). The tests carried out identified 70 high, 1929 medium, and 4050 low vulnerabilities in OJS; the total vulnerability value for the tested OJS was 6049. The test results show that OJS version 2.4.7 has many vulnerabilities and is not recommended for use. Use the latest version issued by the OJS Public Knowledge Project (PKP).


Water ◽  
2021 ◽  
Vol 13 (19) ◽  
pp. 2775
Author(s):  
Vladimir Živanović ◽  
Nebojša Atanacković ◽  
Saša Stojadinović

The application of groundwater vulnerability methods has great importance for the sanitary protection zones delineation of karstic sources. Source vulnerability assessment of karst groundwater has mainly relied on the European approach (European Cooperation in Science and Technology—COST action 620), which includes analysis of the K factor, which refers to water flow through the saturated zone of the karst system. In the paper, two approaches to groundwater vulnerability assessment have been applied, COP + K and TDM (Time-Dependent Model) methods, to produce the most suitable source vulnerability map that can be transformed into sanitary protection zones maps. Both methods were tested on the case example of Blederija karst spring in Eastern Serbia. This spring represents a classical karst spring with allogenic and autogenic recharge. Dual aquifer recharge points out the necessity for the inclusion of the vulnerability assessment method created especially for the assessment of karst groundwater. Obtained vulnerability maps show similar results, particularly in the spring and the ponor areas, and these zones are most important for future protection. The COP + K method brings out three vulnerability classes that can be directly transformed into three sanitary protection zones. Contrary to the previous one, the TDM method uses water travel time as a vulnerability degree. The results show that the final map can be easily used to define sanitary zones considering different national legislation.


Author(s):  
PENG XU ◽  
MEIRONG CHEN ◽  
LIFANG FENG ◽  
YANG XU ◽  
DANCHEN WANG ◽  
...  

2020 ◽  
Vol 10 (18) ◽  
pp. 6411 ◽  
Author(s):  
Ehsan Harirchian ◽  
Kirti Jadhav ◽  
Kifaytullah Mohammad ◽  
Seyed Ehsan Aghakouchaki Hosseini ◽  
Tom Lahmer

Recently, the demand for residence and usage of urban infrastructure has increased, thereby raising the risk to human lives from natural calamities. The occupancy demand has rapidly increased the construction rate, whereas inadequately designed structures are prone to more vulnerability. Buildings constructed before the development of seismic codes have an additional susceptibility to earthquake vibrations. Structural collapse causes economic loss as well as setbacks for human lives. Applying different theoretical methods to analyze structural behavior is expensive and time-consuming. Therefore, introducing a rapid vulnerability assessment method to check structural performance is necessary for future developments. This process is known as Rapid Visual Screening (RVS). The technique was developed to identify, inventory, and screen structures that are potentially hazardous. Sometimes, poor construction quality does not provide some of the required parameters; in this case, the RVS process becomes tedious. Hence, to tackle such situations, multiple-criteria decision-making (MCDM) methods open a new gateway for seismic vulnerability assessment. The different parameters required by RVS can be used in MCDM, which evaluates multiple conflicting criteria in decision making in several fields. This paper aims to bridge the gap between RVS and MCDM. Furthermore, to define the correlation between these techniques, the methodologies from the Indian, Turkish, and Federal Emergency Management Agency (FEMA) codes have been implemented. The effects of seismic vulnerability of structures have been observed and compared.

