Black-Box Testing of the Karawang Employee Attendance Information System Using the OWASP Top 10 Attack Method

  • Rona Febriana Universitas Singaperbangsa Karawang

Abstract

Web-based applications have recently come into wide use by the public. As a result, data leaks from web-based applications are increasingly common. In 2021 alone there were several cases, such as BPJS Kesehatan, which experienced a population data leak of 279 million. Data leaks can occur due to various factors, such as human error or company staff's lack of knowledge about data privacy. Another factor is malicious software, usually called malware: software that is inserted into a system to damage it and steal important data. Inserting malware into a system manually is very difficult, so it is usually delivered over the internet. The methodology used in this study is Penetration Testing from OWASP, with a specific method, namely the Penetration Testing Execution Standard (PTES), which was adapted from a group of information security practitioners. Testing the Employee Attendance Information System for vulnerabilities using the OWASP Top 10 (2021) method found 3 categories of vulnerabilities: Identification and Authentication Failures with medium severity, Insecure Design with low severity, and Security Misconfiguration with critical severity. It is recommended that future work carry out attack techniques other than those using available applications/tools (open source/official tools), namely social engineering, email spamming, etc.

Published
2022-07-31
How to Cite
Febriana, R. (2022). Blackbox Testing Sistem Informasi Absensi Pegawai Karawang Dengan Metode Top 10 Owasp Attack. Jurnal Ilmiah Wahana Pendidikan, 8(12), 327-334. https://doi.org/10.5281/zenodo.6945632