Penetration Testing Information System Security Assessment Framework (ISSAF)


Authors

  • Zul Azis Khan, Universitas Islam Negeri Sultan Syarif Kasim Riau, Pekanbaru, Indonesia
  • Nazruddin Safaat H, Universitas Islam Negeri Sultan Syarif Kasim Riau, Pekanbaru, Indonesia
  • Muhammad Irsyad, Universitas Islam Negeri Sultan Syarif Kasim Riau, Pekanbaru, Indonesia
  • Teddie Darmizal, Universitas Islam Negeri Sultan Syarif Kasim Riau, Pekanbaru, Indonesia

DOI:

https://doi.org/10.30865/klik.v4i3.1507

Keywords:

Framework ISSAF; Vulnerability Website; Blackbox; Penetration Testing

Abstract

The development of information technology has had a positive impact on various fields, including web technology. Information technology has become a necessity for improving the performance of organizations and educational institutions in achieving their goals. Websites are a tool for institutions to promote themselves to the general public. The https://kekampus.umri.ac.id/ website is an information system owned by the Umri campus and used for PKKMB and Umri Masters. Because the website stores data, its security needs to be increased to prevent hacker attacks. Several methods can be used for this; one of them is the ISSAF framework, a penetration testing standard used to test the resilience of websites. The aim of this research is to determine the security gaps of the https://kekampus.umri.ac.id/ website by using the penetration testing method with the ISSAF framework. The ISSAF framework includes nine test assessments: Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Gaining Access and Privilege Escalation, Enumerating Further, Compromising Remote Users/Sites, Maintaining Access, and Covering Tracks. In this study, the examiners carried out only four of the nine stages in the ISSAF framework. This research uses a black box strategy in which testers are given access only to the target website domain. This research was conducted because of the problems that often occur in gacor slots in one of UMRI's information systems. The analysis found several vulnerabilities on the https://kekampus.umri.ac.id/ website, namely SQL injection attacks, cross JavaScript, and cookie secure flags, and the research provides suggestions or recommendations to improve security on the website.





ARTICLE HISTORY


Published: 2023-12-22
Abstract View: 351 times
PDF Download: 319 times