Advances in web technology drive the need for digital system security, including for academic websites, which are vulnerable to cyberattacks. This study aims to analyze the vulnerabilities of a university website in Surabaya against the OWASP Top 10 standard using black-box penetration testing. Testing was conducted by analyzing HTTP configuration, SSL/TLS, malware, DNS, and email security. The results indicate dominant vulnerabilities in the Security Misconfiguration and Security Logging and Monitoring Failures categories, with an F grade for HTTP security headers, support for legacy TLS protocols, and the absence of SPF and DMARC. Thirty-seven potential malware files were also identified. Key recommendations include system updates, enhanced security configurations, and the implementation of email authentication policies to improve the cyber resilience of academic websites.