Web Application Vulnerability Analysis Using the OWASP Method (Case Study: OJS CSFD UIN Sunan Kalijaga Yogyakarta)

Bad'ul Hilmi Arromdoni, Mandahadi Kusuma, Bambang Sugiantoro
Journal: Engineering Headway
DOI: 10.4028/p-fosz2d (https://doi.org/10.4028/p-fosz2d)
Publication date: 2024-04-16
Publication type: Journal article
Citation count: 0

Abstract

The Cyber Security and Digital Forensics (CSFD) Open Journal System (OJS) website, owned by the Information Technology and Database Center (PTIPD) of the Islamic State University (UIN) Sunan Kalijaga Yogyakarta, is a content management system (CMS) application intended as a medium for publishing academic research. Web-based applications that are not properly monitored are liable to be attacked, and vulnerabilities discovered by malicious attackers can severely degrade the website's operation. In the summary of the vulnerability scan results, the researchers found no high-severity vulnerabilities using the Acunetix tool; they found only 18 vulnerabilities at the medium risk level, 8 at the low level and 10 of informational severity. As a comparison, the researchers ran another scan using the OWASP ZAP (Zed Attack Proxy) tool and found 17 vulnerabilities: 1 high, 4 medium, 8 low and 4 informational. The research uses the OWASP Top 10 as the measure and parameters for testing by penetration testing. The researchers obtained 1 test result with successful status, namely Using Components with Known Vulnerabilities. They then found 1 vulnerability type with possible status, namely Sensitive Data Exposure, where the data found was not sensitive, and 8 vulnerabilities that were not discovered: 1. Broken Authentication, 2. Cross-Site Scripting, 3. Security Misconfiguration, 4. Insufficient Logging and Monitoring, 5. Broken Access Control, 6. SQL Injection, 7. XML External Entities, 8. Insecure Deserialization.