Muhammad Rifqy Abdallah
Universitas Sebelas Maret

Published: 1 document


Security Analysis of Web-based Information Systems Through Vulnerability Assessment Using the Framework of OWASP Web Security Testing Guide and Common Vulnerability Scoring System
Muhammad Rifqy Abdallah; Puspanda Hatta; Cucuk Wawan Budiyanto
Journal of Informatics and Vocational Education Vol. 7 No. 3 (2024): Journal of Informatics and Vocational Education - November
Publisher : Informatics Education Department, Faculty of Teacher Training and Education, Universitas Sebelas Maret

DOI: 10.20961/joive.v7i3.2411

Abstract

Web-based information systems continue to develop and have been adopted by many organizations, including higher education institutions. However, this technology carries inherent security risks, making regular security analysis essential. This research presents a case study of eight web-based information systems at a higher education institution, assessing the security condition of each system individually and their overall characteristics, and constructing a strategy for maintaining and optimizing system security. The security analysis used a mixed-method approach: qualitatively, through the OWASP Web Security Testing Guide (WSTG) framework across four categories (Information Gathering, Configuration and Deployment Management Testing, Session Management Testing, and Client-side Testing); and quantitatively, through Common Vulnerability Scoring System (CVSS) calculations. All of the systems tested were found to be vulnerable, though with varying severity. Vulnerability discovery ratios ranged from a low of 8% (with a 'Low' severity level) to a high of 31% (with severity levels reaching 'Critical'). Overall, systems built on a Content Management System (CMS) were found to be less vulnerable than those built on non-CMS frameworks. Based on the discovered vulnerabilities, follow-up recommendations were constructed as a reference for improving and optimizing the systems' security.