The development of information technology has encouraged the digitization of scientific publications through e-journals, which facilitate online access to and distribution of scientific papers. Mulawarman University uses Open Journal Systems (OJS) as its publication platform but still relies on version 2, which has several security gaps. This research aims to analyse the level of security vulnerability of the Mulawarman University e-journal website using a penetration testing method based on NIST SP 800-115 and the OWASP Top 10 2021 parameters. The method comprises four main stages: planning, discovery, attack, and reporting. Testing was conducted using various tools to identify and validate security holes. The results show 27 vulnerabilities, consisting of 1 high risk, 6 medium risk, 13 low risk, and 7 informational. The main vulnerabilities that were successfully validated include Cross-Site Scripting, Clickjacking, Session Hijacking, Information Disclosure, and Cross-Site Request Forgery. These findings indicate significant weaknesses in access control, security configuration, and session management. Each vulnerability was analysed to understand its impact on data integrity and confidentiality. Proposed remediation recommendations include strengthening security header configuration, input/output validation, and removal of unnecessary system information. This research provides empirical insight into specific vulnerabilities in OJS version 2 at Mulawarman University, where penetration testing with a framework based on international standards had never been conducted; this is its original contribution to efforts to improve the security of academic publication systems.
Copyrights © 2025