Vulnerability Analysis of Cross-Site Scripting (XSS) Attacks on the Smart Payment Application Using the OWASP Framework

Authors

  • Imam Riadi Universitas Ahmad Dahlan
  • Rusydi Umar
  • Tri Lestari

DOI:

https://doi.org/10.14421/jiska.2020.53-02

Abstract

The rapid growth of e-commerce gives unauthorized parties room to commit cybercrime, so security measures are needed to protect e-commerce applications from harassment or hacking attacks such as cross-site scripting (XSS), malware, exploits, and database injection. This research was conducted to determine the vulnerabilities of the Smart Payment application through self-testing with the ZAP tool. The test is carried out to secure the application, and its results serve as recommendations for follow-up in securing the Smart Payment application. The study found vulnerabilities in the Smart Payment application: Information Disclosure-Suspicious Comments, X-Frame-Options Header not Set, X-Content-Type-Options Header Missing, Timestamp Disclosure-Unix, XSS Protection Not Enabled Web Browsers, and Directory Browsing. In addition to identifying these vulnerabilities, the study provides solutions for overcoming them in the Smart Payment application.

  

Author Biographies

Imam Riadi, Universitas Ahmad Dahlan

Imam Riadi is a lecturer in Information Systems at Universitas Ahmad Dahlan

Rusydi Umar

Rusydi Umar is a lecturer in Informatics Engineering at Universitas Ahmad Dahlan Yogyakarta

Tri Lestari

Tri Lestari is a student in the Master of Informatics Engineering program at Universitas Ahmad Dahlan

Published

2020-11-10

How to Cite

Riadi, I., Umar, R., & Lestari, T. (2020). Analisis Kerentanan Serangan Cross Site Scripting (XSS) pada Aplikasi Smart Payment Menggunakan Framework OWASP. JISKA (Jurnal Informatika Sunan Kalijaga), 5(3), 146–152. https://doi.org/10.14421/jiska.2020.53-02