Article Per Year (5 Year)
p-Index From 2020 - 2025
0.23
P-Index
This Author published in this journals
All Journal Jurnal Teknologi Informasi, Komputer, dan Aplikasinya (JTIKA )
Iwana, Alang Artha
Unknown Affiliation
Computer Science & IT Decision Sciences, Operations Research & Management Engineering

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
THREAT MODELING MENGGUNAKAN PENDEKATAN STRIDE DAN DREAD UNTUK MENGETAHUI RISIKO DAN MITIGASI KEAMANAN PADA SISTEM LAYANAN PENDIDIKAN Iwana, Alang Artha; Huwae, Raphael Bianco; Jatmika, Andy Hidayat
JTIKA (Jurnal Teknik Informatika, Komputer dan Aplikasinya) Vol 7 No 1 (2025): Maret 2025
Publisher : Program Studi Teknik Informatika, Fakultas Teknik, Universitas Mataram

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.29303/jtika.v7i1.461

Abstract

Information system security is increasingly crucial with the rise of cyber threats. This study identifies and evaluates security risks in education service systems using STRIDE and DREAD-based Threat Modeling. STRIDE identifies threats such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege, while DREAD assesses risk based on potential damage, ease of exploitation, affected users, and likelihood of detection. The analysis showed that information disclosure and elevation of privilege were the highest risks, mainly due to the permissive CORS configuration. Testing using Burp Suite revealed high-level vulnerabilities allowing unauthorized access and data leakage. To address this, mitigations in the form of CORS policy validation, HTTP method restrictions, data encryption, and role-based authentication were implemented. Simulation results after mitigation showed a significant reduction in security issues, such as critical issues dropping from 6 to 1. This research confirms STRIDE and DREAD are effective in identifying and evaluating security risks, providing a strong basis for designing mitigation strategies to maintain educational service security.
Co-Authors Huwae, Raphael Bianco Jatmika, Andy Hidayat