Garuda - Garba Rujukan Digital

Implementasi dan Analisis Attack Tree pada Aplikasi DVWA Berdasar Metrik Time dan Cost Alifurfan Wiradwipa Pranowo; Adityas Widjajarto; Muhammad Fathinuddin
Kesatria : Jurnal Penerapan Sistem Informasi (Komputer dan Manajemen) Vol 4, No 4 (2023): Edisi Oktober
Publisher : LPPM STIKOM Tunas Bangsa

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.30645/kesatria.v4i4.234

Exploitation against web applications can be formulated into an attack tree. This research aims to explore the relationship between the attack tree and the exploitation characteristics based on time and cost metrics. The study involves conducting exploitation experiments on the DVWA platform. The exploitation stages are utilized to construct the attack tree, which is then organized based on two conditions: with Web Application Firewall (WAF) and without WAF. The attack tree is composed of five types of exploitation, namely SQL Injection, XSS (Reflected), Command Injection, CSRF, and Brute Force. The analysis results without WAF indicate that the XSS (Reflected) attack tree occupies the top position with a score of 53.69, while the SQL Injection attack tree ranks last with a score of 682.49. On the other hand, with WAF, the XSS (Reflected) attack tree remains at the top with a score of 61.11, and the SQL Injection attack tree still occupies the last position, but with a lower score of 207.22. Consequently, this relationship can be utilized to categorize attack trees based on time and cost metrics. Future research opportunities may involve measuring subsystem processes of the system.

ANALISIS PERFORMANSI JARINGAN 4G LTE DENGAN METODE DRIVE TEST PADA GEDUNG XYZ Daffa, Raihan; Saedudin, Rd. Rohmat; Fathinuddin, Muhammad
JIPI (Jurnal Ilmiah Penelitian dan Pembelajaran Informatika) Vol 9, No 2 (2024)
Publisher : STKIP PGRI Tulungagung

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.29100/jipi.v9i2.4554

Bidang teknologi mengalami perkembangan yang sangat pesat, perkembangan ini menjadi tantangan tersendiri untuk penyedia layanan maupun user untuk terus bisa mengikuti teknologi. Gedung xyz merupakan sebuah perpustakaan yang memiliki visi untuk menjadi leader dari pusat ilmu dan pengetahuan berbasis teknologi informasi dalam mendukung Universitas Entrepreneur Global. Sesuai dengan visi gedung xyz, perlu adanya analisis performansi jaringan 4G LTE guna mengetahui kualitas sinyal 4G LTE untuk kelancaran penggunaannya. Penelitian ini dilakukan untuk mengukur kualitas performansi jaringan 4G LTE dengan bantuan aplikasi G-NetTrack Pro dan menggunakan metode walk test. Pengumpulan data dilakukan dengan menentukan titik pada gedung xyz yang akan dilalui selama pengukuran. Pengukuran dilakukan sebanyak tiga kali yaitu pada pagi hari, siang hari, dan sore hari dengan kondisi yang berbeda-beda. Analisis data akan berfokus pada tiga parameter yaitu RSRP, RSRQ, dan SNR sehingga dengan mengukur tiga parameter tersebut akan mengetahui kualitas jaringan 4G LTE pada objek penelitian ini. Hasil pengukuran akan dianalisis sesuai dengan KPI pada masing-masing parameter untuk mengetahui baik buruknya kualitas jaringan. Temuan dari penelitian ini akan memberikan informasi tentang kualitas jaringan 4G LTE pada gedung xyz dan dapat membantu penyedia layanan untuk bisa mengembangkan kualitas sinyal yang ada.

HAK DAN KEWAJIBAN ORANG TUA TERHADAP ANAK BERDASARKAN PASAL 45 UNDANG UNDANG NOMOR 1 TAHUN 1974 TENTANG PERKAWINAN Zulfikar, Teuku; Fathinuddin, Muhammad
Journal Evidence Of Law Vol. 2 No. 1 (2023): Journal Evidence Of Law (April)
Publisher : CV. Era Digital Nusantara

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.59066/jel.v2i1.230

Humans are destined with the nature of zoon politicon, they always live in groups in a group called society. Living alone without other people somewhere is not human nature as a creature, even if there are people who live alone, it's a bedtime story and in the middle of the story they will definitely be met and get along with each other as an absolute necessity. It is human nature to live side by side with other humans and try to carry on offspring by means of marriage. Marriage is a physical and spiritual bond between a man and a woman as husband and wife with the aim of forming a happy and eternal family (household) based on the One Godhead. with the aim, among other things, to get offspring who will continue and replace the generation that gave birth to them. The purpose of this study was to find out how the rights and obligations of parents towards children based on Article 45 of Law Number 1 of 1974 concerning Marriage. Based on Article 45 and Article 46 of Law no. 1 of 1974, the obligation of parents to care for and educate their children until they marry and can stand alone. This also means that even if the child is married if, in fact, it cannot stand alone, it is still the obligation of parents to take care of their children, wives, and grandchildren. This is different from what is regulated in the Civil Code that the obligation does not only extend to adult children (aged 18 years) but until they are able to stand on their own even though the marital ties of their parents are broken. Children must respect their parents and obey their goodwill. If the child is an adult, he is obliged to take care of his parents and family in a straight line up according to his ability, if they need his help

ANALYSIS OF CABLE NETWORK READINESS FOR THE IMPLEMENTATION OF ENTERPRISE RESOURCE PLANNING INFORMATION SYSTEMS AT THE FACULTY OF INDUSTRIAL ENGINEERING febriyanto, Akbar; Hediyanto, Umar Yunan Kurnia Septo; Fathinuddin, Muhammad
JIKO (Jurnal Informatika dan Komputer) Vol 7, No 3 (2024)
Publisher : Universitas Khairun

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.33387/jiko.v7i3.8624

With the rapid advancement of information and communication technology, organizations increasingly adopt integrated systems to enhance efficiency and productivity. One widely adopted technology is Enterprise Resource Planning (ERP), a comprehensive management system that integrates various business functions, including finance, manufacturing, inventory, and human resources. Implementing an ERP system requires a robust network infrastructure, particularly in terms of quality of service (quality of service). This study aims to evaluate the readiness of the cable network infrastructure across three buildings at the Faculty of Industrial Engineering, Telkom University, to implement an Odoo-based ERP system. The research employs the Network Development Life Cycle (NDLC) methodology, focusing on crucial quality of service parameters such as throughput, delay, jitter, and packet loss. Data were collected through observations, interviews, and network analysis using Wireshark, with tests conducted at different times (low, peak, and intermediate). The results show that the TULT Building, Mangudu Building, and Building B Cacuk networks are generally prepared for ERP implementation. For instance, in the TULT Building, the average throughput without filters at low, peak, and intermediate times was 45.296 Kbps, 50.923 Kbps, and 61.399 Kbps, respectively. Packet loss averaged 0.56%, 0.50%, and 0.65% without filters. Despite jitter values ranging from 103.73 ms to 582.40 ms, below the TIPHON standard, the ERP system remains functional as it is not highly sensitive. The study concludes that the existing network infrastructure is sufficient mainly for the Odoo-based ERP implementation, with recommendations for further improvements to address jitter issues.

Implementasi dan Analisis Attack Tree pada Aplikasi DVWA Berdasar Metrik Time dan Skill Level Nugraha, Yadi; Widjajarto, Adityas; Fathinuddin, Muhammad
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 7, No 2 (2023): EDISI SEPTEMBER
Publisher : STIKOM Tunas Bangsa Pematangsiantar

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.30645/j-sakti.v7i2.690

Attack trees can be formulated based on the steps of exploitation that occur in web applications. The aim of this research is to understand the relationship between attack trees and exploitation characteristics based on time and skill level metrics. The platform for exploitation testing uses DVWA and is organized into an attack tree. The attack tree is structured with both protected and unprotected WAF conditions. The attack tree is organized based on five vulnerabilities: SQL Injection, XSS (Reflected), Command injection, CSRF, and Brute force. The analysis results with the unprotected WAF condition conclude that the XSS (Reflected) attack tree ranks first with a score of 131.92. The SQL Injection attack tree ranks last with a score of 1727.56. Meanwhile, with the WAF, the SQL Injection attack tree ranks first with a score of 54. The Brute force attack tree ranks last with a score of 319.51. Thus, this relationship can be used for ranking attack trees based on time and skill level metrics. Further research can involve detailing the steps of exploitation using CVSS scores as a skill level calculation and measuring parameters using IDS as one of the firewall features.

Analisis Security Mitigation dengan Metode Vulnerability Assesment and Penetration Testing (VAPT) (Kasus Website Kerja Praktek dan Pengabdian Masyarakat) Fadillah, Muhammad Iqbal; Yanto, Umar Yunan Kurnia Sept; Fathinuddin, Muhammad
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 7, No 2 (2023): EDISI SEPTEMBER
Publisher : STIKOM Tunas Bangsa Pematangsiantar

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.30645/j-sakti.v7i2.683

The current development of technology is progressing rapidly in line with the ease of accessing information through various means, whether through mobile applications or websites. This convenience has had a significant impact on various industries, governments, and educational institutions that utilize websites as information support for learning and teaching activities, including at XYZ Faculty. The website is used to manage student activities in Internship and Community Service (ICS). In previous research, vulnerability assessment was conducted to identify vulnerabilities on the website; however, no mitigation was implemented for the vulnerabilities found. Therefore, security mitigation is needed to address the risks associated with these vulnerabilities. The method used in this process is Vulnerability Assessment and Penetration Testing (VAPT) with gray box testing techniques, as well as the tools Burp Suite, Acunetix, and Nessus. Vulnerability analysis was performed on the identified vulnerabilities on the website to determine a list of vulnerabilities for further exploitation. Through testing on this ICS website, nine vulnerabilities were found, including one high-level vulnerability, four medium-level vulnerabilities, and four low-level vulnerabilities. These vulnerabilities were then mitigated, and the results showed that four out of the nine vulnerabilities were successfully mitigated, improving the website's security compared to before.

Implementasi dan Analisis Attack Tree pada Aplikasi DVWA Berdasar Metrik Time dan Probability Irawan, Alfian Rifki; Widjajarto, Adityas; Fathinuddin, Muhammad
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 7, No 2 (2023): EDISI SEPTEMBER
Publisher : STIKOM Tunas Bangsa Pematangsiantar

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.30645/j-sakti.v7i2.688

The formulation of attack trees can be based on the exploitation stages in web-based applications. According to this formulation, this research aims to understand the relationship between attack trees and exploitation characteristics using time and probability metrics. The construction of attack trees is based on experimental platforms using the DVWA web-based application, both in protected and unprotected conditions by a Web Application Firewall (WAF). Exploitation is carried out on five vulnerabilities, namely SQL Injection, XSS (Reflected), Command Injection, CSRF, and Brute Force. The analysis results without a WAF show that the Cross-Site Request Forgery attack tree occupies the top position with a score of 18.19. On the other hand, the Brute Force attack tree ranks last with a score of 230.09. With the presence of a WAF, the Command Injection attack tree takes the first position with a score of 4.80, while the Brute Force attack tree remains in the last position with a score of 43.08. Further research in this study may involve a detailed examination of probability metrics and the calculation of vulnerability factors.

Optimisasi Strategi Security Mitigation Dengan Vapt Pada Website Absensi Praktikan Dan Asisten Laboratorium Praktek Basyirah, Aulia; Hediyanto, Umar Yunan Kurnia Septo; Fathinuddin, Muhammad
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 7, No 2 (2023): EDISI SEPTEMBER
Publisher : STIKOM Tunas Bangsa Pematangsiantar

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.30645/j-sakti.v7i2.684

Information technology is growing rapidly alongside its users. One of the uses of information technology is websites, which have been widely adopted by various parties, including XYZ University, utilizing them for academic and internal purposes. One such website at the university is used for attendance tracking during practical sessions in the Faculty of XYZ. However, technological advancements have also brought an increase in security attacks on websites by unauthorized entities. Therefore, a vulnerability assessment was conducted using the Vulnerability Assessment and Penetration Testing (VAPT) method, employing automated scanning tools such as Nessus, Burpsuite, and OWASP ZAP to identify vulnerabilities in the website. During the testing, 27 security vulnerabilities were found and consolidated into 9 issues for exploitation and mitigation. Eventually, 4 out of the 9 security vulnerabilities were successfully mitigated.

Implementasi dan Analisis Attack Tree pada Aplikasi DVWA Berdasar Metrik Time dan Skill Level Nugraha, Yadi; Widjajarto, Adityas; Fathinuddin, Muhammad
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 7, No 2 (2023): EDISI SEPTEMBER
Publisher : STIKOM Tunas Bangsa Pematangsiantar

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.30645/j-sakti.v7i2.690

Attack trees can be formulated based on the steps of exploitation that occur in web applications. The aim of this research is to understand the relationship between attack trees and exploitation characteristics based on time and skill level metrics. The platform for exploitation testing uses DVWA and is organized into an attack tree. The attack tree is structured with both protected and unprotected WAF conditions. The attack tree is organized based on five vulnerabilities: SQL Injection, XSS (Reflected), Command injection, CSRF, and Brute force. The analysis results with the unprotected WAF condition conclude that the XSS (Reflected) attack tree ranks first with a score of 131.92. The SQL Injection attack tree ranks last with a score of 1727.56. Meanwhile, with the WAF, the SQL Injection attack tree ranks first with a score of 54. The Brute force attack tree ranks last with a score of 319.51. Thus, this relationship can be used for ranking attack trees based on time and skill level metrics. Further research can involve detailing the steps of exploitation using CVSS scores as a skill level calculation and measuring parameters using IDS as one of the firewall features.

Analisis Security Mitigation dengan Metode Vulnerability Assesment and Penetration Testing (VAPT) (Kasus Website Kerja Praktek dan Pengabdian Masyarakat) Fadillah, Muhammad Iqbal; Yanto, Umar Yunan Kurnia Sept; Fathinuddin, Muhammad
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 7, No 2 (2023): EDISI SEPTEMBER
Publisher : STIKOM Tunas Bangsa Pematangsiantar

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.30645/j-sakti.v7i2.683

The current development of technology is progressing rapidly in line with the ease of accessing information through various means, whether through mobile applications or websites. This convenience has had a significant impact on various industries, governments, and educational institutions that utilize websites as information support for learning and teaching activities, including at XYZ Faculty. The website is used to manage student activities in Internship and Community Service (ICS). In previous research, vulnerability assessment was conducted to identify vulnerabilities on the website; however, no mitigation was implemented for the vulnerabilities found. Therefore, security mitigation is needed to address the risks associated with these vulnerabilities. The method used in this process is Vulnerability Assessment and Penetration Testing (VAPT) with gray box testing techniques, as well as the tools Burp Suite, Acunetix, and Nessus. Vulnerability analysis was performed on the identified vulnerabilities on the website to determine a list of vulnerabilities for further exploitation. Through testing on this ICS website, nine vulnerabilities were found, including one high-level vulnerability, four medium-level vulnerabilities, and four low-level vulnerabilities. These vulnerabilities were then mitigated, and the results showed that four out of the nine vulnerabilities were successfully mitigated, improving the website's security compared to before.

Title

Found 44 Documents
Search

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Title Search

Found 44 Documents Search

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Title

Found 44 Documents
Search