
Found 2 Documents
Journal: Jurnal Sistem Komputer dan Informatika (JSON)

Analysis of Vulnerability Management on Docker Containers Using Open-Source Scanners Based on the Cyber Resilience Review (CRR) Standard
Milenia Oktaviana; Adityas Widjajarto; Ahmad Almaarif
Jurnal Sistem Komputer dan Informatika (JSON) Vol 4, No 1 (2022): September 2022
Publisher : STMIK Budi Darma

DOI: 10.30865/json.v4i1.4787

Abstract

Docker is one of the most widely used container technologies for providing IT services. Vulnerabilities in container technology such as Docker require dedicated management. This management can be carried out technically with a software vulnerability scanner and the Cyber Resilience Review (CRR) standard guidelines. Experiments were carried out with the Aquasec and Anchore scanners, which performed vulnerability scanning on two Docker Images systems. The two vulnerable systems have different versions, namely version – 1 and version – 2; the software elements in version – 2 have a higher versioning level than those in version – 1. The experimental data, in the form of vulnerability reports, are analyzed based on the Cyber Resilience Review (CRR), focusing on four stages: Define a Strategy, Develop a Plan, Implement the Capability, and Assess and Improve the Capability. The resulting Category Vulnerability counts are 30 Closed Vulnerability, 10 Open Vulnerability, and 13 Newly Vulnerability. Further research can cover aspects of Patch Management with more varied software tools.

Vulnerability Management on Vulnerable Docker Using Clair Scanner and JoomScan Based on the GSA CIO-IT Security-17-80 Standard
Ryan Supriadi Ramadhan; Adityas Widjajarto; Ahmad Almaarif
Jurnal Sistem Komputer dan Informatika (JSON) Vol 4, No 1 (2022): September 2022
Publisher : STMIK Budi Darma

DOI: 10.30865/json.v4i1.4789

Abstract

Vulnerabilities in Docker need to be managed because they are a potential avenue for exploitation; this is because Docker is a container platform tied to application and system security. This study analyzes the vulnerability management process for Docker Images and Docker Images applications using the GSA CIO-IT Security-17-80 standard. The vulnerability search uses two scanning tools, namely Clair Scanner and JoomScan. Vulnerabilities in the Docker Images and Docker Images application of version - 1 were addressed by creating a new system, version - 2, which upgrades the Docker Images software and the Docker Images application. The test scenario is run by scanning for vulnerabilities in the two versions of the trial system, producing a vulnerability report for each. The data were analyzed using the GSA CIO-IT Security-17-80 standard, limited to the stages of Scanning Capabilities, Vulnerability Scanning Process, Vulnerability Scan Reports, Remediation Verification, and Re-Classification of Known Vulnerabilities. The results are that the fastest scanning time is in version - 2, and that the comparison of vulnerabilities obtained is 44.45% on Docker Images and 77.78% on Joomla. The contribution of this work is an overview of the use of the GSA CIO-IT Security-17-80 standard as a guide for managing the security of an IT asset, based on the stages carried out. Further research can use the 6 stages of GSA, supported by adequate vulnerability data from the right scanner software.