cross site request forgery
Recently Published Documents


Total documents: 44 (five years: 15)
H-index: 6 (five years: 1)

2021, Vol 6 (3), pp. 131
Author(s): Erick Irawadi Alwi, Lutfi Budi Ilmawan

The use of academic information systems (siakad) has become mandatory for universities in providing user convenience in online academic administrative activities. However, sometimes a college siakad has security holes that irresponsible people can take advantage of by hacking. This study aims to identify security vulnerabilities at XYZ University's siakad. The method used in this study is a vulnerability assessment method. The university siakad undergoes an initial vulnerability assessment by footprinting to get information related to the XYZ siakad; after that, a vulnerability scan is carried out using vulnerability assessment tools to identify vulnerabilities and the level of risk found. Based on the vulnerability assessment, the XYZ university's siakad is quite good, with 1 high-risk finding, 6 medium-risk findings and 14 low-risk findings. The researchers provide recommendations for improvements related to the security holes found in the XYZ university siakad concerning XSS (Cross Site Scripting) attacks, Clickjacking, Brute Force, Cross-site Request Forgery (CSRF) and Sniffing.


Author(s): Jonathan Sharman, Claudia Acemyan, Philip Kortum, Dan Wallach

Understanding why developers continue to misuse security tools is critical to designing safer software, yet the underlying reasons developers fail to write secure code are not well understood. In order to better understand how to teach these skills, we conducted two comparatively large-scale usability studies with undergraduate CS students to assess factors that affect success rates in securing web applications against cross-site request forgery (CSRF) attacks. First, we examined the impact of providing students with example code and/or a testing tool. Next, we examined the impact of working in pairs. We found that access to relevant secure code samples gave significant benefit to security outcomes. However, access to the tool alone had no significant effect on security outcomes, and surprisingly, the same held true for the tool and example code combined. These results confirm the importance of quality example code and demonstrate the potential danger of using security tools in the classroom that have not been validated for usability. No individual differences predicted one’s ability to complete the task. We also found that working in pairs had a significant positive effect on security outcomes. These results provide useful directions for teaching computer security programming skills to undergraduate students.


2021, Vol 116 (1), pp. 275-281
Author(s): Kulanda Seitbekovna Duisebekova, Roman Khabirov, Azamat Zholzhan

Today information security has become one of the most important parts of our social media life. Social and media resources are based on web services in the cloud. It means the security of web services is equal to people's social, media, data and information security. In this paper the most important focus was on the special security techniques and tools inside the most popular web framework for the Python programming language, Django. Django has several really strong design patterns and techniques, with special tools to store and send users' data in very secure ways. Developers can easily install new extra instruments, tools and special libraries in a Django application to make the web application more secure. Django has such extremely useful instruments as the Django ORM, CSRF tokens, XSS protection and many more. For example, the Django ORM (Object-Relational Mapping) is a really powerful instrument to be used for protection against attacks like SQL injection. As another instance, the CSRF token (Cross-site request forgery token) is a really amazing internal Django tool against cross-site request forgery attacks that Django uses in HTML templates. Best practices and good examples of these tools are shown in this paper. Moreover, the paper demonstrates a comparison of different attack cases and their deep analysis, with protection methods against these attacks using Django's tools and techniques. We also briefly reviewed other types of vulnerabilities and methods of protection against them, and hope this article has given an understanding of Django's security techniques. Finally, Django could become more secure with each new version.


2020, Vol 17 (9), pp. 3995-3998
Author(s): K. Kavyashree, C. N. Sowmyarani, P. Dayananda

The network community in the current scenario has faced a lot of potential threats, like restricted access to an unauthorized network, break-ins through other organizations, making the system unavailable and so on. An off-path attacker can perform various attacks like browser page read, web phishing, website spoofing and defacement to learn the 4 tuples in the Transmission Control Protocol. The attacker can also carry out Cross Site Scripting to learn sensitive information on websites. Cross Site Request Forgery performs a defective exploit on the web. This helps in detecting the four tuples: sequence number, acknowledgement number, global IPID counter and ports.


2020, Vol 10 (10), pp. 3440
Author(s): Xuyan Song, Chen Chen, Baojiang Cui, Junsong Fu

JavaScript has been widely used on the Internet because of its powerful features, and almost all the websites use it to provide dynamic functions. However, these dynamic natures also carry potential risks. The authors of the malicious scripts started using JavaScript to launch various attacks, such as Cross-Site Scripting (XSS), Cross-site Request Forgery (CSRF), and drive-by download attack. Traditional malicious script detection relies on expert knowledge, but even for experts, this is an error-prone task. To solve this problem, many learning-based methods for malicious JavaScript detection are being explored. In this paper, we propose a novel deep learning-based method for malicious JavaScript detection. In order to extract semantic information from JavaScript programs, we construct the Program Dependency Graph (PDG) and generate semantic slices, which preserve rich semantic information and are easy to transform into vectors. Then, a malicious JavaScript detection model based on the Bidirectional Long Short-Term Memory (BLSTM) neural network is proposed. Experimental results show that, in comparison with the other five methods, our model achieved the best performance, with an accuracy of 97.71% and an F1-score of 98.29%.


2020, Vol 18 (3), pp. 8-16
Author(s): Stefano Calzavara, Mauro Conti, Riccardo Focardi, Alvise Rabitti, Gabriele Tolomei
