利用渗透测试的方法,利用信息系统评估框架(ISSAF)和开放WEB应用程序安全版本4 (OWASPv4)对网站进行安全分析

Ditya Putri Anggraeni, Bita Parga Zen, Mega Pranata
{"title":"利用渗透测试的方法,利用信息系统评估框架(ISSAF)和开放WEB应用程序安全版本4 (OWASPv4)对网站进行安全分析","authors":"Ditya Putri Anggraeni, Bita Parga Zen, Mega Pranata","doi":"10.33172/jp.v8i3.1777","DOIUrl":null,"url":null,"abstract":"At this time in the rapid development of technology, there must be advantages and disadvantages of a system or technology that was created. Within the scope of the website, there are also many security holes that irresponsible parties can enter. The state of the website at the Telkom Purwokerto Institute of Technology, both University and Faculty websites, already uses Hypertext Transfers Protocol Secure (HTTPS). This study used the Information System Security Assessment Framework (ISSAF) and Open Web Application Project (OWASP) frameworks with the Penetration Testing method. This study aims to determine vulnerabilities on the website s1if.ittelkom-pwt.ac.id. The result of performing vulnerabilities is several vulnerabilities to the Institut Teknologi Telkom Purwokerto (ITTP) Informatics Study Program website, including not updating jquery on the ITTP website. Ten tests have been carried out, five tests using ISSAF and five tests using OWSP version 4. When performing vulnerabilities in the ISSAF framework, found robots files.txt on the S1 Informatics website which is quite crucial for s1if.ittelkom-pwt.ac.id website which contains an exploitable sitemap. ","PeriodicalId":52819,"journal":{"name":"Jurnal Pertahanan Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity Nasionalism Integrity","volume":"50 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"SECURITY ANALYSIS ON WEBSITES USING THE INFORMATION SYSTEM ASSESSMENT FRAMEWORK (ISSAF) AND OPEN WEB APPLICATION SECURITY VERSION 4 (OWASPv4) USING THE PENETRATION TESTING METHOD\",\"authors\":\"Ditya Putri Anggraeni, Bita Parga Zen, Mega Pranata\",\"doi\":\"10.33172/jp.v8i3.1777\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"At this time in the rapid development of technology, there must be advantages and disadvantages of a system or technology that was created. Within the scope of the website, there are also many security holes that irresponsible parties can enter. The state of the website at the Telkom Purwokerto Institute of Technology, both University and Faculty websites, already uses Hypertext Transfers Protocol Secure (HTTPS). This study used the Information System Security Assessment Framework (ISSAF) and Open Web Application Project (OWASP) frameworks with the Penetration Testing method. This study aims to determine vulnerabilities on the website s1if.ittelkom-pwt.ac.id. The result of performing vulnerabilities is several vulnerabilities to the Institut Teknologi Telkom Purwokerto (ITTP) Informatics Study Program website, including not updating jquery on the ITTP website. Ten tests have been carried out, five tests using ISSAF and five tests using OWSP version 4. When performing vulnerabilities in the ISSAF framework, found robots files.txt on the S1 Informatics website which is quite crucial for s1if.ittelkom-pwt.ac.id website which contains an exploitable sitemap. \",\"PeriodicalId\":52819,\"journal\":{\"name\":\"Jurnal Pertahanan Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity Nasionalism Integrity\",\"volume\":\"50 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Jurnal Pertahanan Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity Nasionalism Integrity\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.33172/jp.v8i3.1777\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jurnal Pertahanan Media Informasi tentang Kajian dan Strategi Pertahanan yang Mengedepankan Identity Nasionalism Integrity","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33172/jp.v8i3.1777","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

摘要

在这个技术飞速发展的时代,必然有一种制度或技术的优点和缺点被创造出来。在网站的范围内,也有很多安全漏洞,不负责任的人可以进入。Telkom Purwokerto理工学院的网站状态,大学和学院网站都已经使用超文本传输安全协议(HTTPS)。本研究采用信息系统安全评估框架(ISSAF)和开放Web应用程序项目(OWASP)框架,并采用渗透测试方法。本研究旨在确定s1if.ittelkom-pwt.ac.id网站上的漏洞。执行漏洞的结果是对Institut Teknologi Telkom purworker (ITTP)信息学研究计划网站的几个漏洞,包括不更新ITTP网站上的jquery。已经进行了10次测试,其中5次使用ISSAF, 5次使用OWSP第4版。在ISSAF框架中执行漏洞时,在S1 Informatics网站上发现了robots files.txt,这对S1 . if.ittelkom-pwt.ac非常重要。Id网站,其中包含一个可利用的站点地图。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
SECURITY ANALYSIS ON WEBSITES USING THE INFORMATION SYSTEM ASSESSMENT FRAMEWORK (ISSAF) AND OPEN WEB APPLICATION SECURITY VERSION 4 (OWASPv4) USING THE PENETRATION TESTING METHOD
At this time in the rapid development of technology, there must be advantages and disadvantages of a system or technology that was created. Within the scope of the website, there are also many security holes that irresponsible parties can enter. The state of the website at the Telkom Purwokerto Institute of Technology, both University and Faculty websites, already uses Hypertext Transfers Protocol Secure (HTTPS). This study used the Information System Security Assessment Framework (ISSAF) and Open Web Application Project (OWASP) frameworks with the Penetration Testing method. This study aims to determine vulnerabilities on the website s1if.ittelkom-pwt.ac.id. The result of performing vulnerabilities is several vulnerabilities to the Institut Teknologi Telkom Purwokerto (ITTP) Informatics Study Program website, including not updating jquery on the ITTP website. Ten tests have been carried out, five tests using ISSAF and five tests using OWSP version 4. When performing vulnerabilities in the ISSAF framework, found robots files.txt on the S1 Informatics website which is quite crucial for s1if.ittelkom-pwt.ac.id website which contains an exploitable sitemap. 
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
27
审稿时长
12 weeks
期刊最新文献
Implementation of Artificial Intelligence on Indonesia’s Defense Intelligence Activities Empowering the Association of Indonesian National Private Defense Industries (Pinhantanas) to Build the Independence of the Defense Industry Defense Philosophy Perspectives on the Action of the Indonesian Defense Forces Army (PETA) in Blitar in Indonesian History Education Curriculum Indonesia's Economic Advancement through Leveraging the Geopolitical Rivalry and Geostrategic between the USA and China in the Indo-Pacific Region Examining the Participation of Female Peacekeepers in the United Nations Peacekeeping Operations: The Contributions of Islamic Countries
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1