Website Security Analysis Using Vulnerability Assessment Method
Case Study: Universitas Internasional Batam
Abstract
In today’s digital era, ensuring website security is crucial, especially in the education sector, which is frequently targeted by cyber attacks. This research aims to test the security of the Universitas Internasional Batam (UIB) website using OWASP ZAP and Nessus. The method used in this research is vulnerability assessment, which involves gathering information with tools such as Nmap, whois and nslookup. OWASP ZAP detected 11 vulnerabilities, categorized into 6 medium-level and 5 low-level, including issues with Content Security Policy (CSP) and anti-clickjacking headers. In contrast, Nessus detected only one medium-level vulnerability, the absence of HTTP Strict Transport Security (HSTS). The difference in detection results arises because OWASP ZAP is better at finding web application weaknesses that are consistent with the OWASP Top Ten 2021, while Nessus specifically targets server and network configuration. For educational institutions, these results emphasize the importance of conducting regular vulnerability assessments to protect sensitive data. Recommended actions include implementing CSP to prevent cross-site scripting (XSS) and other injection attacks, enforcing HSTS to secure communication, and updating software to mitigate unknown vulnerabilities. By adopting these measures, institutions can reduce their exposure to cyber attacks, maintain user trust, and strengthen overall security. This research provides a practical framework for strengthening the security of educational websites against evolving threats. These findings highlight the importance of using multiple tools, which can provide a more comprehensive view of security gaps.
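As an added illustration (not code from the paper), the following Python check evaluates one response's headers for the three header findings the abstract names: missing CSP, missing anti-clickjacking protection, and missing HSTS. The finding names, the extra weak `script-src` check and the sample header sets are assumptions constructed for this example.

```python
import re

def parse_csp(value):
    """Split a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def audit_headers(headers):
    """Return sorted finding names (hypothetical labels) for one HTTPS response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = set()

    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.add("csp-missing")
    else:
        # script-src falls back to default-src when it is absent
        script_src = csp.get("script-src", csp.get("default-src"))
        if script_src is None or "'unsafe-inline'" in script_src or "*" in script_src:
            findings.add("csp-weak-script-src")

    # Framing is restricted by X-Frame-Options or by CSP frame-ancestors
    xfo = h.get("x-frame-options", "").lower()
    if xfo not in ("deny", "sameorigin") and "frame-ancestors" not in csp:
        findings.add("anti-clickjacking-missing")

    # HSTS with max-age=0 tells the browser to forget the policy
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if m is None or int(m.group(1)) == 0:
        findings.add("hsts-missing")
    return sorted(findings)

# Constructed sample responses (not data from the study).
BEFORE = {"Content-Type": "text/html", "Server": "example"}
AFTER = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
}

if __name__ == "__main__":
    print(audit_headers(BEFORE))
    print(audit_headers(AFTER))
```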
Copyright (c) 2024 Hendra Winata
This work is licensed under a Creative Commons Attribution 4.0 International License.