Vulnerability Analysis of Cross-Site Scripting (XSS) Attacks on the Smart Payment Application Using the OWASP Framework
DOI: https://doi.org/10.14421/jiska.2020.53-02
Abstract
The rapid growth of e-commerce gives unauthorized parties room to carry out cybercrime, so security measures are needed to protect e-commerce applications from harassment or hacking attacks such as cross-site scripting (XSS), malware, exploits, and database injection. This research was conducted to determine the vulnerabilities of the Smart Payment application through self-testing with the ZAP tool. The test is carried out so that its results can serve as recommendations for follow-up work to secure the Smart Payment application. The study found vulnerabilities in the Smart Payment application: Information Disclosure-Suspicious Comments, X-Frame-Options Header not Set, X-Content-Type-Options Header Missing, Timestamp Disclosure-Unix, XSS Protection Not Enabled Web Browsers, and Directory Browsing. In addition to identifying these vulnerabilities, the study provides solutions to overcome them.
License
Authors who publish with this journal agree to the following terms as stated in http://creativecommons.org/licenses/by-nc/4.0
a. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
b. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
c. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.