IT Support Website Security Evaluation Using Vulnerability Assessment Tools

  • Rio Armando Institut Teknologi Telkom Surabaya, Indonesia
  • I G Ag Kom Agnam Melyantara Institut Teknologi Telkom Surabaya, Indonesia
  • Rizma Elfariani Institut Teknologi Telkom Surabaya, Indonesia
  • Desy Fitri Aulia Latuconsina Institut Teknologi Telkom Surabaya, Indonesia
  • Muhammad Nasrullah Institut Teknologi Telkom Surabaya, Indonesia
Keywords: Vulnerability Assessment, Website, VAPT Life Cycle

Abstract

Vulnerability Assessment is one of the crucial stages that must be carried out to define and identify vulnerabilities in web systems so that they can be repaired and reduced. The XYZ institution is new, so the Vulnerability Assessment is to minimize attacks from irresponsible parties. In this study, a Vulnerability Assessment of the IT Support website was carried out on XYZ institution using the Nessus tool. This study used the Vulnerability Assessment Penetration Testing (VAPT) Life Cycle method, which has six stages: scope, planning, scanning & vulnerability Analysis, exploitation, Privilege Escalation, and Generating Report. The results of this study obtained various vulnerabilities ranging from Low to Critical on the IT Support website at XYZ institution so that the IT Support party at XYZ institution to update PHP versions, JQuery and several other preventive steps reviewed in the discussion section.

Downloads

Download data is not yet available.

References

A. Budiman, S. Ahdan and M. Aziz, "Analisis Celah Keamanan Aplikasi Web E-Learning Universitas ABC Dengan Vulnerability Assesment," Jurnal Ilmu Komputer Unila, 2021.

Priatno and N. P. Ramadhani, "Sistem Informasi Peminjaman Pada Koperasi Kredit Sejahtera Cibinong," Jurnal Esensi Infokom, vol. 2, no. 2, pp. 54-60, 2018.

Guntoro, L. Costaner and Musfawati, "Analisis Keamanan Web Server Open Journal System (OJS) Menggunakan Metode ISSAF Dan OWASP (Studi Kasus OJS Universitas Lancang Kuning)," JIPI (Jurnal Ilmiah Penelitian dan Pembelajaran Informatika), Vols. Volume 05, Nomor 01,, 2020.

L. M. Gultom, "Analisis Celah Keamanan Website Instansi Pemerintahan Di Sumatera Utara," Jurnal Teknovasi, 2017.

Y. Mulyanto, E. Haryanti and Jumirah, "Analisis Keamanan Websitesman 1 Sumbawa Menggunakan Metode Vulnerability Asesement," JINTEKS (Jurnal Informatika Teknologi dan Sains), p. Vol. 3 No. 3, 2021.

I. Riadi, A. Yudhana and Y. W, "Analisis Keamanan Website Open Journal System Menggunakan Metode Vulnerability Assessment," Jurnal Teknologi Informasi dan Ilmu Komputer (JTIIK), vol. 7, no. 4, pp. 853-860, 2020.

N. R., " Analisa Keamanan Internet Menggunakan Nessus Dan Ethereal Universitas Putra Indonesia “YPTK” Padang," J. Teknol. Inf. dan Pendidik., vol. 10, no. 3, pp. 11–25,, 2017.

M. Orisa and M. Ardita, "Vulnerability Assesment Untuk Meningkatkan Kualitas Keamanan Web," Jurnal MNEMONIC, vol. 4, no. 1, pp. 16-19, 2021.

A. Zirwan, "Pengujian dan Analisis Keamanan Website Menggunakan Acunetix Vulnerability Scanner," Jurnal Informasi & Teknologi, vol. 4, 2022.

D. Juardi, "Kajian Vulnerability Keamanan Jaringan Internet Menggunakan Nessus," SYNTAX Jurnal Informatika, 2017.

© 2022 Tenable®, Inc., "Tenable," [Online]. Available: https://www.tenable.com/plugins/was/112657.

Forum of Incident Response and Security Teams, "Common Vulnerability Scoring System v3.1: Specification Document," [Online]. Available: https://www.first.org/cvss/v3.1/specification-document.

M. Nasrullah, S. Suryawan, N. Istyanto, and T. Kristanto, “Risk Priority Analysis for Change Management on E-Government using RIPC4 and AHP”, journalisi, vol. 4, no. 1, pp. 16-29, Mar. 2022.

M. Nasrullah, N. D. Angresti, S. H. Suryawan, and Faizal Mahananto, “Requirement Engineering terhadap Virtual Team pada Proyek Software Engineering”, JAIIT, vol. 3, no. 1, pp. 1–10, May 2021.

T. Kristanto, M. Sholik, D. Rahmawati, and Muhammad Nasrullah, "Analisis Manajemen Keamanan Informasi Menggunakan Standard ISO 27001: 2005 Pada Staff IT Support Di Instansi XYZ", JISA (Jurnal Informatika dan Sains), vol. 2, no. 2, pp. 30-33, December 2019.

T. Kristanto, W. Maulana Hadiansyah and M. Nasrullah, "Analysis of Higher Education Performance Measurement Using Academic Scorecard and Analytical Hierarchy Process," 2020 Fifth International Conference on Informatics and Computing (ICIC), 2020, pp. 1-6, doi: 10.1109/ICIC50835.2020.9288628.

Published
2022-11-14
Abstract views: 295 times
Download PDF: 234 times
How to Cite
Armando, R., Melyantara, I. G. A. K., Elfariani, R., Latuconsina, D. F., & Nasrullah, M. (2022). IT Support Website Security Evaluation Using Vulnerability Assessment Tools. Journal of Information Systems and Informatics, 4(4), 949-957. https://doi.org/10.51519/journalisi.v4i4.330