NIST SP 800-115 Framework Implementation using Black Box Method on Security Gaps Testing on JTD Polinema’s Official Website

Authors

  • Dina Nurika Fitriana Fitriana State Polytechnic of Malang
  • Putri Elfa Mas’udia State Polytechnic of Malang
  • Mila Kusumawardani State Polytechnic of Malang

DOI:

https://doi.org/10.33795/jartel.v13i4.557

Keywords:

Black Box Method, Hardening, NIST, Security Gaps, Website

Abstract

The internet is one example of a computer network that can make it easier to obtain information. According to BSSN's December 2021 report, there were 3,483,706 web application attacks. According to the BSSN monthly report, there were 3,483,706 web application attacks at the end of December 2021. The JTD Study Program's official website (psjtd.polinema.ac.id) faced recurrent hacking incidents, exposing it to DDOS assaults and defacing. As a result, security testing must be carried out in accordance with particular standards, such as the National Institute of Standards and Technology (NIST) SP 800-115 framework. Penetration testing was performed in this investigation using the Black Box testing method approach and hardening. The results of testing and analyzing security gaps on the website reveal 10 open ports and 11 various types of security holes with varying levels of vulnerability categorized as 1 high, 3 medium, 5 low, and 2 informational. During penetration testing, one ping packet was sent that could not cause any problems, and then one of the Syn Flooding attacks was carried out, which resulted in the number of shipments reaching 10,000 packets per second.

References

P. Agustini, "Warganet Meningkat, Indonesia Perlu Tingkatkan Nilai," aptika.kominfo.go.id, 2021.

B. S. D. S. N. (BSSN), "Laporan Bulanan Hasil Monitoring Keamanan Siber Nasional," Id-SIRTII/CC, 2021.

D. Sulistyowati, F. Handayani, and Y. Suryanto, “Comparative analysis and design of cybersecurity maturity assessment methodology using nist csf, cobit, iso/iec 27002 and pci dss,” Int. J. Informatics Vis., vol. 4, no. 4, pp. 225–230, 2020.

P. P. Roy, “A High-Level Comparison between the NIST Cyber Security Framework and the ISO 27001 Information Security Standard,” 2020 Natl. Conf. Emerg. Trends Sustain. Technol. Eng. Appl. NCETSTEA 2020, vol. 53, pp. 27001–27003, 2020.

H. Sama, Licen, J. S. D. Saragi, M. Erline, Kelvin, Y. Hartanto, J. Winata, and M. Devalia, "Studi Komparasi Framework NIST dan ISO 27001 Sebagai Standar Audit Dengan Metode Deskriptif Studi Pustaka," Rabit: Jurnal Teknologi dan Sistem Informasi, vol. 6, no. 2, pp. 116-121, 2021.

F. Mahardika, "Manajemen Risiko Keamanan Informasi Menggunakan Framework NIST SP 800-30 Revisi 1 (Studi Kasus: STMIK Sumedang)," Jurnal Informatika:Jurnal Pengembangan IT (JPIT), vol. 2, no. 2, pp. 1-8, 2017.

R. A. Wibowo and S. Widyarto, “Kajian Pustaka: Penetration Testing dengan NIST SP 800-115 dan OSSTMM”, Proceedings of the Informatics Conference, vol. 6, no. 10, 2020.

E. Z. Darojata, E. Sediyonob, I. Sembiring, “Vulnerability Assessment Website E-Government dengan NIST SP 800-115 dan OWASP Menggunakan Web Vulnerability Scanner,” Jurnal Sistem Informasi Bisnis, vol. 01, 2022.

F. Hanifah, A. Budiyono, and A. Widjajarto, “Analisa kerentanan pada Vulnerable Docker menggunakan alienvault dan docker bench for security dengan acuan framework Cis Control,” in e-Proceeding of Engineering, vol. 8, no. 5. 2021.

B. Wicaksono, Y. R. Kusumaningsih, and Iswahyudi, c.. Pengujian Celah Keamanan Aplikasi Berbasis Web Menggunakan Teknik Penetration Testing dan Dast (Dynamic Application Security Testing),” jurnal jarkom, vol. 8, pp. 1-9, 2020.

J, Susanto, Biqirrosyad, M. M. Junaidi, Y. Sudrajat, Y., and T. Desyani, “Pengujian Black Box pada Aplikasi Desktop Penjualan Elektronik Menggunakan Metode Equivalence Partitioning,” Jurnal Teknologi Sistem Informasi dan Aplikasi, vol. 4, no. 1, pp. 38-45, 2021.

I. G. A. S. Sanjaya, G. M. A. Sasmita, and D. M. S. Arsa, “Evaluasi Keamanan Website Lembaga X Melalui Penetration Testing Menggunakan Framework ISSAF,” Jurnal Ilmiah Merpati, vol. 8, pp. 113-124, 2020.

M. Nurudin, W. Jayanti, R.D. Saputro, M. P. Saputra, and Yulianti, “Pengujian Black Box pada Aplikasi Penjualan Berbasis Web menggunakan Teknik Boundary Value Analysis,” Jurnal Informatika Universitas Pamulang, vol. 4, no. 4, pp. 143-148, 2019.

I. A. Shaleh, J. Prayogi, Pirdaus, R. Syawal, and A. Saifudin, “Pengujian Black Box pada Sistem Informasi Penjualan Buku Berbasis Web dengan Teknik Equivalent Partitions,” Jurnal Teknologi Sistem Informasi dan Aplikasi, vol. 4, no. 1, pp. 38-45, 2021.

T. Wahyuningrum and D. D. Januarita, “Implementasi dan Pengujian Web Ecommerce untuk Produk Unggulan Desa,” Jurnal Komputer Terapan, vol. 1, pp. 57-66, 2015.

F. S. Kristara, G. Kanuraga, R. Rohmat, D. Yansah, A. Saifudin, and Yulianti, "Pengujian Kualitas Aplikasi Web E-Learning Universitas Pamulang Menggunakan Metode Black Box," Jurnal Informatika Universitas Pamulang, vol. 6, no. 2, pp. 225-231, 2021.

Downloads

Published

2023-12-22

How to Cite

[1]
D. N. F. Fitriana, P. . Elfa Mas’udia, and M. . Kusumawardani, “NIST SP 800-115 Framework Implementation using Black Box Method on Security Gaps Testing on JTD Polinema’s Official Website”, Jartel, vol. 13, no. 4, pp. 328-335, Dec. 2023.

Issue

Vol. 13 No. 4 (2023): Vol. 13 No. 04 (2023) : December 2023

Section

Articles

License

Copyright (c) 2023 Dina Nurika Fitriana Fitriana, Putri Elfa Mas’udia, Mila Kusumawardani

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.