Implementasi Penetration Testing Execution Standard Untuk Uji Penetrasi Pada Layanan Single Sign-On Sunaringtyas, Septia Ulfa; Prayoga, Djodi Surya
Edu Komputika Journal Vol 8 No 1 (2021): Edu Komputika Journal
Publisher : Jurusan Teknik Elektro Universitas Negeri Semarang

DOI: 10.15294/edukomputika.v8i1.47179

Abstract

The increasing use of single sign-on technology by electronic-based service providers brings benefits but also creates vulnerabilities. Penetration testing is needed to identify vulnerabilities and to test system security by exploiting them. This research implements the Penetration Testing Execution Standard (PTES) for penetration testing of single sign-on services. The seven stages of the penetration test were carried out and 12 vulnerabilities were identified, consisting of 3 medium, 6 low and 3 informational vulnerabilities. Six cyberattacks were carried out to exploit them, of which 3 succeeded and 3 failed. Based on the vulnerability and exploitation analysis, the recommendations given consist of regular updating and patching, configuring the CSP header and the X-Content-Type-Options header on the web server and application server, validating the Host header configuration and disabling X-Forwarded-Host on every web page, setting the 'secure' flag on cookies, adding a metacharacter filter to the source code, and limiting login attempts. The results of the PTES implementation show that it makes it easier for testers to carry out penetration tests and effectively prevents disputes between testers and clients arising from differences in the scope of testing.
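The recommendations in this abstract can be turned into an offline check. The following is an added example, not code from the paper or from the tested SSO service: it audits a response for the CSP and X-Content-Type-Options headers and the Secure/HttpOnly cookie flags, validates the request Host header against an allow-list while flagging X-Forwarded-Host, and enforces a sliding-window limit on login attempts. The host name, the thresholds and the two sample responses (one weak, one hardened) are constructed assumptions.

```python
"""Added example: checks for the SSO hardening recommendations above.
Sample responses and the allow-listed host are constructed, not from the paper."""
from collections import defaultdict, deque
from http.cookies import SimpleCookie

ALLOWED_HOSTS = {"sso.example.test"}  # assumed: canonical host of the SSO service


def check_headers(headers):
    """Return findings for the CSP and X-Content-Type-Options response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp or "*" in csp.replace(";", " ").split():
        findings.append("Content-Security-Policy allows inline scripts or wildcard sources")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    return findings


def check_cookies(set_cookie):
    """Flag cookies issued without the Secure and HttpOnly attributes."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    findings = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            findings.append(f"cookie {name} lacks the Secure flag")
        if not morsel["httponly"]:
            findings.append(f"cookie {name} lacks the HttpOnly flag")
    return findings


def check_host(request_headers):
    """Reject a request whose Host is not allow-listed, and flag X-Forwarded-Host,
    which the paper recommends disabling so it cannot override the Host value."""
    h = {k.lower(): v for k, v in request_headers.items()}
    findings = []
    host = h.get("host", "").split(":")[0].strip().lower()
    if host not in ALLOWED_HOSTS:
        findings.append(f"Host '{host}' is not on the allow-list")
    if "x-forwarded-host" in h:
        findings.append("X-Forwarded-Host present; drop it at the edge")
    return findings


class LoginLimiter:
    """Sliding-window limit: at most `limit` attempts per identity in `window` seconds."""

    def __init__(self, limit=5, window=300.0):
        self.limit, self.window = limit, window
        self.attempts = defaultdict(deque)

    def allow(self, identity, now):
        q = self.attempts[identity]
        while q and now - q[0] >= self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def audit_response(headers):
    """Combine the header and cookie checks for one response."""
    return check_headers(headers) + check_cookies(headers.get("Set-Cookie", ""))


# Constructed sample responses: the weak configuration beside the hardened one.
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "Set-Cookie": "JSESSIONID=abc123; Path=/",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(resp) or "no findings")
    print(check_host({"Host": "evil.test", "X-Forwarded-Host": "sso.example.test"}))
```

The checks are deliberately case-insensitive on header names, since proxies and application servers normalise them differently; the Host check strips the port before comparing, and the limiter keys on whatever identity the caller passes (username, client IP, or both).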
Cyberaksi 3.0 Empowering Cybersecurity Skill Arizal; Amiruddin; Priambodo, Dimas Febriyan; Sidabutar, Jeckson; Hikmah, Ira Rosianal; Sunaringtyas, Septia Ulfa; Yulita, Tiyas
Jurnal Pelita Pengabdian Vol. 2 No. 2 (2024): Juli 2024
Publisher : DPPM Universitas Pelita Bangsa

DOI: 10.37366/jpp.v2i2.4870

Abstract

Cyber security awareness is something the public needs as technology develops ever faster. One example is 5G network technology, which, in addition to improving the quality of internet-based services, also brings new threats that should be watched for. The awareness programme was carried out to increase public knowledge and concern regarding the use of 5G technology, the various cyber security threats that arise from it, and recommended actions that can be taken to mitigate the resulting risks. This community service programme was delivered as a webinar complemented by a Capture The Flag workshop to improve participants' ability to identify vulnerabilities. From the pretest-posttest analysis of 544 participants, it was concluded that the Cyberaksi 3.0 awareness programme, with the theme "empowering cybersecurity skill", was effective in increasing participants' knowledge, with t(0.025; 107) = 1.98.
Security Testing of XYZ Website Application Using ISSAF and OWASP WSTG v4.2 Methods Yusuf, Muhammad Firdaus; Hikmah, Ira Rosianal; Amiruddin; Sunaringtyas, Septia Ulfa
Teknika Vol. 14 No. 1 (2025): March 2025
Publisher : Center for Research and Community Service, Institut Informatika Indonesia (IKADO) Surabaya

DOI: 10.34148/teknika.v14i1.1156

Abstract

The research focuses on improving the security of information systems in ABC City, specifically on the XYZ website application developed by the Communication and Informatics Office ABC to assist in governmental administration and manage various critical data. This study is motivated by the high incidence of cybersecurity threats in the governmental administration sector, as reported by Badan Siber dan Sandi Negara in November 2023. The primary objective of this research is to identify security vulnerabilities within the XYZ website application. The research employs the Information Systems Security Assessment Framework (ISSAF) as the primary security testing framework and the OWASP Web Security Testing Guide (WSTG) version 4.2 as the guide for the penetration testing phase, one of the stages in ISSAF for validating vulnerabilities. Validated vulnerabilities are further assessed for severity using the OWASP Risk Rating guidelines to estimate the risk and impact of potential attacks on the Communication and Informatics Office ABC. The research methodology uses a black-box testing approach. To ensure a structured approach, it provides security recommendations using the SMAACT method. This research includes a report on the identified vulnerabilities and recommendations that the Communication and Informatics Office ABC can implement to address these vulnerabilities. The findings of this study are expected to provide insights into existing security vulnerabilities within the website application and practical recommendations for improvement, benefiting both the practical context of enhancing information security at the Communication and Informatics Office ABC and the theoretical context as a reference for similar future research.
Perancangan Rencana Pemulihan Bencana Menggunakan NIST SP 800-34 Rev 1, NIST SP 800-53 Rev 5 dan SNI 8799 (Studi Kasus: Unit TI XYZ) Afiansyah, Hafizh Ghozie; Sunaringtyas, Septia Ulfa; Amiruddin, Amiruddin
Jurnal Teknologi Informasi dan Ilmu Komputer Vol 10 No 2: April 2023
Publisher : Fakultas Ilmu Komputer, Universitas Brawijaya

DOI: 10.25126/jtiik.20236507

Abstract

At the XYZ Institute, the work unit responsible for managing information technology and data center services is the IT Unit. According to Government Regulation Number 71 of 2019, to overcome the impact of service loss in data centers caused by disasters and threats, it is necessary to have a plan that aims to prevent loss and damage, namely a disaster recovery plan or DRP. This is supported by questionnaires and interviews with structural officials, unit heads, and students of the XYZ Institute, which state that the services managed by the IT Unit XYZ are vital for the business processes of lectures, general administration, and student affairs. In 2021, a failure in the IT Unit XYZ data center stopped online lectures and administration, because the online portal became inaccessible and data stored in cloud storage was lost. Based on the regulatory requirement, the interviews, and the questionnaires, a disaster recovery plan was designed using NIST SP 800-34 Rev 1 as the framework for preparing the DRP, NIST SP 800-53 Rev 5 for preventive controls, and SNI 8799 as the reference for data center requirements. As a result, six recovery plans were developed for high-priority systems, three for medium-priority systems, and two for low-priority systems.
Collaborative Intrusion Detection System with Snort Machine Learning Plugin Priambodo, Dimas Febriyan; Faizi, Achmad Husein Noor; Rahmawati, Fika Dwi; Sunaringtyas, Septia Ulfa; Sidabutar, Jeckson; Yulita, Tiyas
JOIV : International Journal on Informatics Visualization Vol 8, No 3 (2024)
Publisher : Society of Visual Informatics

DOI: 10.62527/joiv.8.3.2018

Abstract

The increasing prevalence of cybercrime and cyber-attacks underscores the need for organizations to implement robust network security measures. Nevertheless, current Intrusion Detection Systems (IDS) often rely on a single sensor, or on multiple sensors of the same IDS type, either Host-Based IDS (HIDS) or Network-Based IDS (NIDS), which inherently limits their detection capability. To address this limitation, this research combines NIDS and HIDS components into a collaborative IDS, expanding the scope of intrusion detection and improving the efficacy of the attack mitigation system built on it. However, integrating NIDS and HIDS introduces challenges, notably elevated rates of False Positive and False Negative alerts. To address these, the researchers employ machine learning techniques in the form of Snort plugins, together with comparison methods, to improve the precision of attack detection. The results illustrate the effectiveness of this approach: a Support Vector Machine used for static analysis of the NSL-KDD dataset attains a 99% detection rate for Denial of Service (DoS) attacks and 98% for Probe attacks. In dynamic real-time attack simulations, the machine learning plugins detect various types of DoS attacks and identify SYN Flooding DoS attacks more comprehensively than the Snort community rule set. These findings represent a significant advance in intrusion detection, paving the way for more robust and accurate network security systems in an era of escalating cyber threats.
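The abstract's two settings, static analysis of NSL-KDD and real-time SYN flood detection, share the same idea: per-connection traffic features computed over a short time window. The following is an added example, not the paper's plugin or the Snort rule set: it computes the NSL-KDD features `count` and `serror_rate` (number of connections to the same destination host in the preceding 2 seconds, and the fraction of those that never completed the handshake) from constructed connection records, applies a threshold rule to them, and then aggregates hits per source. The thresholds, the `min_hits` aggregation and the sample traffic are assumptions; the aggregation is there to show the false-positive problem the abstract mentions, since a single benign connection that shares the window with a flood also crosses the per-record thresholds.

```python
"""Added example (not code from the paper): NSL-KDD-style features from
constructed connection records, with a threshold rule for SYN flooding."""
from collections import defaultdict, deque

WINDOW_S = 2.0                              # NSL-KDD window for count / serror_rate
SYN_ERROR_FLAGS = {"S0", "S1", "S2", "S3"}  # connection never completed the handshake
COUNT_THRESHOLD = 20                        # assumed rule thresholds
SERROR_THRESHOLD = 0.8


def extract_features(records):
    """records: iterable of (time_s, src, dst, dport, flag), flag in NSL-KDD notation.
    For each record, `count` is the number of connections to the same destination
    host in the preceding WINDOW_S seconds (including this one) and `serror_rate`
    is the fraction of those carrying a SYN error flag."""
    recent = defaultdict(deque)   # dst -> deque of (time, is_syn_error)
    features = []
    for t, src, dst, dport, flag in sorted(records, key=lambda r: r[0]):
        q = recent[dst]
        q.append((t, flag in SYN_ERROR_FLAGS))
        while t - q[0][0] > WINDOW_S:        # the newest entry keeps q non-empty
            q.popleft()
        count = len(q)
        serror = sum(1 for _, err in q if err) / count
        features.append({"time": t, "src": src, "dst": dst, "dport": dport,
                         "count": count, "serror_rate": serror})
    return features


def flagged_records(records):
    """Records whose features cross both thresholds: what a per-record rule alerts on."""
    return [f for f in extract_features(records)
            if f["count"] >= COUNT_THRESHOLD and f["serror_rate"] >= SERROR_THRESHOLD]


def detect_syn_flood(records, min_hits=5):
    """Attribute an alert to a source only when at least `min_hits` of its records
    were flagged, suppressing the lone benign connection caught inside a flood window."""
    hits = defaultdict(int)
    for f in flagged_records(records):
        hits[f["src"]] += 1
    return {src for src, n in hits.items() if n >= min_hits}


def constructed_traffic():
    """Constructed sample: one benign client completing a connection every 2 s,
    and one source opening 40 half-open connections within 0.8 s."""
    records = [(i * 2.0, "10.0.0.5", "10.0.0.1", 443, "SF") for i in range(5)]
    records += [(3.0 + i * 0.02, "203.0.113.9", "10.0.0.1", 80, "S0") for i in range(40)]
    return records


if __name__ == "__main__":
    for f in flagged_records(constructed_traffic()):
        print(f"{f['time']:.2f}s {f['src']} count={f['count']} serror={f['serror_rate']:.2f}")
    print("flooding sources:", detect_syn_flood(constructed_traffic()))
```

On the constructed traffic the per-record rule flags 22 attacker connections and one benign connection at t = 4.0 s, whose window happens to contain the whole flood; the per-source aggregation reports only the attacker. An ML plugin trained on these same features would face the same ambiguity, which is why the abstract's false-positive rate is the right metric to watch.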