Analysis and Implementation of the ISSAF Framework on OSSTMM on Website Security Vulnerabilities Testing in Polinema

Authors

  • Muhammad Alif Nabila, State Polytechnic of Malang
  • Putri Elfa Mas'udia, State Polytechnic of Malang
  • Rachmad Saptono, State Polytechnic of Malang

DOI:

https://doi.org/10.33795/jartel.v13i1.511

Keywords:

Website, Security, Vulnerabilities, Penetration testing, ISSAF, OSSTMM

Abstract

As the number of websites on the Internet grows, so does the number of security holes. The Electrical Engineering Department's website is no exception: it has never been audited for security holes, so its level of reliability cannot be known. On this basis, a study entitled "Analysis and Implementation of the ISSAF Framework for OSSTMM in Testing Website Security Gaps at Polinema" is carried out. In this study, the authors test the website at Polinema using the ISSAF and OSSTMM frameworks to scan for security holes on the Electrical Engineering Network website. From the test results, recommendations are given to the website managers for overcoming the security holes found. Before giving recommendations, the authors attempt to update the website's security and re-test the updated website, to prove whether the updates work effectively against the security holes that were previously found. The research shows that testing with the ISSAF framework found 21 security holes on the Electrical Engineering Department's website, 7 of them at medium level, and that testing with the OSSTMM framework found 17 security holes. The security holes include 10 open ports, DoS, brute-force, and security holes in the library used.

Published

2023-03-31

How to Cite

[1]
M. A. Nabila, P. E. Mas’udia, and R. Saptono, “Analysis and Implementation of the ISSAF Framework on OSSTMM on Website Security Vulnerabilities Testing in Polinema”, Jartel, vol. 13, no. 1, pp. 87-94, Mar. 2023.