IT Support Website Security Evaluation Using Vulnerability Assessment Tools
DOI:
https://doi.org/10.51519/journalisi.v4i4.330Keywords:
Vulnerability Assessment, Website, VAPT Life CycleAbstract
Vulnerability Assessment is one of the crucial stages that must be carried out to define and identify vulnerabilities in web systems so that they can be repaired and reduced. The XYZ institution is new, so the Vulnerability Assessment is to minimize attacks from irresponsible parties. In this study, a Vulnerability Assessment of the IT Support website was carried out on XYZ institution using the Nessus tool. This study used the Vulnerability Assessment Penetration Testing (VAPT) Life Cycle method, which has six stages: scope, planning, scanning & vulnerability Analysis, exploitation, Privilege Escalation, and Generating Report. The results of this study obtained various vulnerabilities ranging from Low to Critical on the IT Support website at XYZ institution so that the IT Support party at XYZ institution to update PHP versions, JQuery and several other preventive steps reviewed in the discussion section.
Downloads
References
A. Budiman, S. Ahdan and M. Aziz, "Analisis Celah Keamanan Aplikasi Web E-Learning Universitas ABC Dengan Vulnerability Assesment," Jurnal Ilmu Komputer Unila, 2021.
Priatno and N. P. Ramadhani, "Sistem Informasi Peminjaman Pada Koperasi Kredit Sejahtera Cibinong," Jurnal Esensi Infokom, vol. 2, no. 2, pp. 54-60, 2018.
Guntoro, L. Costaner and Musfawati, "Analisis Keamanan Web Server Open Journal System (OJS) Menggunakan Metode ISSAF Dan OWASP (Studi Kasus OJS Universitas Lancang Kuning)," JIPI (Jurnal Ilmiah Penelitian dan Pembelajaran Informatika), Vols. Volume 05, Nomor 01,, 2020.
L. M. Gultom, "Analisis Celah Keamanan Website Instansi Pemerintahan Di Sumatera Utara," Jurnal Teknovasi, 2017.
Y. Mulyanto, E. Haryanti and Jumirah, "Analisis Keamanan Websitesman 1 Sumbawa Menggunakan Metode Vulnerability Asesement," JINTEKS (Jurnal Informatika Teknologi dan Sains), p. Vol. 3 No. 3, 2021.
I. Riadi, A. Yudhana and Y. W, "Analisis Keamanan Website Open Journal System Menggunakan Metode Vulnerability Assessment," Jurnal Teknologi Informasi dan Ilmu Komputer (JTIIK), vol. 7, no. 4, pp. 853-860, 2020.
N. R., " Analisa Keamanan Internet Menggunakan Nessus Dan Ethereal Universitas Putra Indonesia “YPTK” Padang," J. Teknol. Inf. dan Pendidik., vol. 10, no. 3, pp. 11–25,, 2017.
M. Orisa and M. Ardita, "Vulnerability Assesment Untuk Meningkatkan Kualitas Keamanan Web," Jurnal MNEMONIC, vol. 4, no. 1, pp. 16-19, 2021.
A. Zirwan, "Pengujian dan Analisis Keamanan Website Menggunakan Acunetix Vulnerability Scanner," Jurnal Informasi & Teknologi, vol. 4, 2022.
D. Juardi, "Kajian Vulnerability Keamanan Jaringan Internet Menggunakan Nessus," SYNTAX Jurnal Informatika, 2017.
© 2022 Tenable®, Inc., "Tenable," [Online]. Available: https://www.tenable.com/plugins/was/112657.
Forum of Incident Response and Security Teams, "Common Vulnerability Scoring System v3.1: Specification Document," [Online]. Available: https://www.first.org/cvss/v3.1/specification-document.
M. Nasrullah, S. Suryawan, N. Istyanto, and T. Kristanto, “Risk Priority Analysis for Change Management on E-Government using RIPC4 and AHP”, journalisi, vol. 4, no. 1, pp. 16-29, Mar. 2022.
M. Nasrullah, N. D. Angresti, S. H. Suryawan, and Faizal Mahananto, “Requirement Engineering terhadap Virtual Team pada Proyek Software Engineering”, JAIIT, vol. 3, no. 1, pp. 1–10, May 2021.
T. Kristanto, M. Sholik, D. Rahmawati, and Muhammad Nasrullah, "Analisis Manajemen Keamanan Informasi Menggunakan Standard ISO 27001: 2005 Pada Staff IT Support Di Instansi XYZ", JISA (Jurnal Informatika dan Sains), vol. 2, no. 2, pp. 30-33, December 2019.
T. Kristanto, W. Maulana Hadiansyah and M. Nasrullah, "Analysis of Higher Education Performance Measurement Using Academic Scorecard and Analytical Hierarchy Process," 2020 Fifth International Conference on Informatics and Computing (ICIC), 2020, pp. 1-6, doi: 10.1109/ICIC50835.2020.9288628.
Downloads
Published
Issue
Section
License
Authors Declaration
- The Authors certify that they have read, understood, and agreed to the Journal of Information Systems and Informatics (JournalISI) submission guidelines, policies, and submission declaration. The submission has been prepared using the provided template.
- The Authors certify that all authors have approved the publication of this manuscript and that there is no conflict of interest.
- The Authors confirm that the manuscript is their original work, has not received prior publication, is not under consideration for publication elsewhere, and has not been previously published.
- The Authors confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- The Authors confirm that the manuscript is not copied from or plagiarized from any other published work.
- The Authors declare that the manuscript will not be submitted for publication in any other journal or magazine until a decision is made by the journal editors.
- If the manuscript is finally accepted for publication, the Authors confirm that they will either proceed with publication immediately or withdraw the manuscript in accordance with the journal’s withdrawal policies.
- The Authors agree that, upon publication of the manuscript in this journal, they transfer copyright or assign exclusive rights to the publisher, including commercial rights
