IT Support Website Security Evaluation Using Vulnerability Assessment Tools
Vulnerability Assessment is one of the crucial stages that must be carried out to define and identify vulnerabilities in web systems so that they can be repaired and reduced. The XYZ institution is new, so the Vulnerability Assessment is to minimize attacks from irresponsible parties. In this study, a Vulnerability Assessment of the IT Support website was carried out on XYZ institution using the Nessus tool. This study used the Vulnerability Assessment Penetration Testing (VAPT) Life Cycle method, which has six stages: scope, planning, scanning & vulnerability Analysis, exploitation, Privilege Escalation, and Generating Report. The results of this study obtained various vulnerabilities ranging from Low to Critical on the IT Support website at XYZ institution so that the IT Support party at XYZ institution to update PHP versions, JQuery and several other preventive steps reviewed in the discussion section.
A. Budiman, S. Ahdan and M. Aziz, "Analisis Celah Keamanan Aplikasi Web E-Learning Universitas ABC Dengan Vulnerability Assesment," Jurnal Ilmu Komputer Unila, 2021.
Priatno and N. P. Ramadhani, "Sistem Informasi Peminjaman Pada Koperasi Kredit Sejahtera Cibinong," Jurnal Esensi Infokom, vol. 2, no. 2, pp. 54-60, 2018.
Guntoro, L. Costaner and Musfawati, "Analisis Keamanan Web Server Open Journal System (OJS) Menggunakan Metode ISSAF Dan OWASP (Studi Kasus OJS Universitas Lancang Kuning)," JIPI (Jurnal Ilmiah Penelitian dan Pembelajaran Informatika), Vols. Volume 05, Nomor 01,, 2020.
L. M. Gultom, "Analisis Celah Keamanan Website Instansi Pemerintahan Di Sumatera Utara," Jurnal Teknovasi, 2017.
Y. Mulyanto, E. Haryanti and Jumirah, "Analisis Keamanan Websitesman 1 Sumbawa Menggunakan Metode Vulnerability Asesement," JINTEKS (Jurnal Informatika Teknologi dan Sains), p. Vol. 3 No. 3, 2021.
I. Riadi, A. Yudhana and Y. W, "Analisis Keamanan Website Open Journal System Menggunakan Metode Vulnerability Assessment," Jurnal Teknologi Informasi dan Ilmu Komputer (JTIIK), vol. 7, no. 4, pp. 853-860, 2020.
N. R., " Analisa Keamanan Internet Menggunakan Nessus Dan Ethereal Universitas Putra Indonesia “YPTK” Padang," J. Teknol. Inf. dan Pendidik., vol. 10, no. 3, pp. 11–25,, 2017.
M. Orisa and M. Ardita, "Vulnerability Assesment Untuk Meningkatkan Kualitas Keamanan Web," Jurnal MNEMONIC, vol. 4, no. 1, pp. 16-19, 2021.
A. Zirwan, "Pengujian dan Analisis Keamanan Website Menggunakan Acunetix Vulnerability Scanner," Jurnal Informasi & Teknologi, vol. 4, 2022.
D. Juardi, "Kajian Vulnerability Keamanan Jaringan Internet Menggunakan Nessus," SYNTAX Jurnal Informatika, 2017.
© 2022 Tenable®, Inc., "Tenable," [Online]. Available: https://www.tenable.com/plugins/was/112657.
Forum of Incident Response and Security Teams, "Common Vulnerability Scoring System v3.1: Specification Document," [Online]. Available: https://www.first.org/cvss/v3.1/specification-document.
M. Nasrullah, S. Suryawan, N. Istyanto, and T. Kristanto, “Risk Priority Analysis for Change Management on E-Government using RIPC4 and AHP”, journalisi, vol. 4, no. 1, pp. 16-29, Mar. 2022.
M. Nasrullah, N. D. Angresti, S. H. Suryawan, and Faizal Mahananto, “Requirement Engineering terhadap Virtual Team pada Proyek Software Engineering”, JAIIT, vol. 3, no. 1, pp. 1–10, May 2021.
T. Kristanto, M. Sholik, D. Rahmawati, and Muhammad Nasrullah, "Analisis Manajemen Keamanan Informasi Menggunakan Standard ISO 27001: 2005 Pada Staff IT Support Di Instansi XYZ", JISA (Jurnal Informatika dan Sains), vol. 2, no. 2, pp. 30-33, December 2019.
T. Kristanto, W. Maulana Hadiansyah and M. Nasrullah, "Analysis of Higher Education Performance Measurement Using Academic Scorecard and Analytical Hierarchy Process," 2020 Fifth International Conference on Informatics and Computing (ICIC), 2020, pp. 1-6, doi: 10.1109/ICIC50835.2020.9288628.
Download PDF: 679 times
- I certify that I have read, understand and agreed to the Journal of Information Systems and Informatics (Journal-ISI) submission guidelines, policies and submission declaration. Submission already using the provided template.
- I certify that all authors have approved the publication of this and there is no conflict of interest.
- I confirm that the manuscript is the authors' original work and the manuscript has not received prior publication and is not under consideration for publication elsewhere and has not been previously published.
- I confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- I confirm that the paper now submitted is not copied or plagiarized version of some other published work.
- I declare that I shall not submit the paper for publication in any other Journal or Magazine till the decision is made by journal editors.
- If the paper is finally accepted by the journal for publication, I confirm that I will either publish the paper immediately or withdraw it according to withdrawal policies
- I Agree that the paper published by this journal, I transfer copyright or assign exclusive rights to the publisher (including commercial rights)