Penetration Testing Information System Security Assessment Framework (ISSAF)
DOI: https://doi.org/10.30865/klik.v4i3.1507
Keywords: Framework ISSAF; Vulnerability Website; Blackbox; Penetration Testing
Abstract
The development of information technology has had a positive impact on various fields, including web technology. Information technology has become a necessity for improving the performance of organizations and educational institutions in achieving their goals. Websites are a tool for institutions to promote themselves to the general public. The https://kekampus.umri.ac.id/ website is an information system owned by the Umri campus and used for PKKMB and Umri Masters. Because the website stores data, its security needs to be increased to prevent hacker attacks. Several methods are available for this; one of them is the ISSAF framework, a penetration testing standard used to test the resilience of websites. The aim of this research is to determine the security gaps of the https://kekampus.umri.ac.id/ website by using the penetration testing method with the ISSAF framework. The ISSAF framework comprises nine assessment stages: Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Gaining Access and Privilege Escalation, Enumerating Further, Compromising Remote Users/Sites, Maintaining Access, and Covering Tracks. In this study, the examiners carried out only four of the nine stages in the ISSAF framework. This research uses a black box strategy in which testers are given access only to the target website domain. The research was conducted because of the problems that often occur with gacor slots in one of UMRI's information systems. The analysis found several vulnerabilities on the https://kekampus.umri.ac.id/ website, namely SQL injection attacks, cross JavaScript, and cookie secure flags, and the study provides suggestions or recommendations to improve security on the website.
Copyright (c) 2023 Zul Azis Khan, Nazaruddin Safaat, Muhammad Irsyad, Teddie Darmizal
This work is licensed under a Creative Commons Attribution 4.0 International License.