Security Analysis of the Pusaka Magelang Information System Using the Open Web Application Security Project (OWASP) and the Information Systems Security Assessment Framework (ISSAF)
DOI: https://doi.org/10.14421/csecurity.2024.7.1.4555
Abstract
In the last decade, Indonesia has reached 174 million internet users, a 17% increase in internet usage within one year. The increase was also influenced by the growth of 25 million online communities during January 2020. This surge in internet users shows Indonesia's readiness to adopt E-government practices. Diskominfo Magelang, a local government service, has made progress in utilizing information and communication technology. The resulting technology is a web information system called “Pusaka Magelang”. To strengthen the security of the Pusaka Magelang website, a security assessment process is required. This process requires the OWASP and ISSAF frameworks. Using the experimental method, testing with OWASP identified 27 vulnerabilities: 5 high severity, 5 medium severity, 11 low severity and 7 informational. The vulnerabilities found were then followed up by assessing the level of risk with the OWASP Risk Rating, resulting in a likelihood score of 5.678 and an impact score of 5.9. Finally, testing with the ISSAF framework found a sensitive data exposure in the form of info.php(), which can be accessed publicly, while testing with SQL Injection techniques failed because the target database could not be obtained.
Keywords: Internet Usage, Vulnerability Assessment, E-government, OWASP, ISSAF
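The risk-rating step described in the abstract can be reproduced with the published OWASP Risk Rating Methodology bands and severity matrix. The following is an added example, not code from the paper: it classifies the reported likelihood (5.678) and impact (5.9) scores and also scores one finding from individual factor ratings, which are constructed here for illustration.

```python
from statistics import mean

# Overall severity matrix from the OWASP Risk Rating Methodology,
# indexed as MATRIX[impact_level][likelihood_level].
MATRIX = {
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
}

def level(score: float) -> str:
    """Map a 0-9 score to the OWASP bands: <3 LOW, <6 MEDIUM, else HIGH."""
    if not 0 <= score <= 9:
        raise ValueError(f"score {score} is outside the 0-9 scale")
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

def factor_score(factors: dict[str, int]) -> float:
    """Average the individual 0-9 factor ratings of one dimension."""
    for name, value in factors.items():
        if not 0 <= value <= 9:
            raise ValueError(f"{name}={value} is outside the 0-9 scale")
    return mean(factors.values())

def overall_severity(likelihood: float, impact: float) -> str:
    """Combine the two scores through the severity matrix."""
    return MATRIX[level(impact)][level(likelihood)]

# Aggregate scores as reported in the abstract.
REPORTED = {"likelihood": 5.678, "impact": 5.9}

# Constructed ratings for one hypothetical finding (not taken from the paper).
# Likelihood: four threat-agent factors plus four vulnerability factors.
SAMPLE_LIKELIHOOD = {
    "skill_level": 6, "motive": 4, "opportunity": 7, "size": 9,
    "ease_of_discovery": 7, "ease_of_exploit": 5,
    "awareness": 6, "intrusion_detection": 8,
}
# Impact: technical impact factors only.
SAMPLE_IMPACT = {
    "confidentiality": 7, "integrity": 3, "availability": 1, "accountability": 7,
}

if __name__ == "__main__":
    print("reported:", overall_severity(**REPORTED))
    sample_l = factor_score(SAMPLE_LIKELIHOOD)
    sample_i = factor_score(SAMPLE_IMPACT)
    print("sample:", sample_l, sample_i, overall_severity(sample_l, sample_i))
```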
Copyright (c) 2024 SAEROZI ALFAN NUGROHO, Tri Rochmadi
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.