Uji Vulnerability Assessment Dalam Mengetahui Tingkat Keamanan Web Aplikasi Sistem Informasi Laporan Diskominfo Dan Sandi Aceh
DOI:
https://doi.org/10.22373/jintech.v4i1.2409Keywords:
Vulnerability Assessment, Information Security System, Penetration TestingAbstract
Along with the increasing need for information systems in the Districts/Cities of Aceh Province in supporting the development process of a region, the penetration test and evaluation of the system has been delayed. This is due to the limited number of experts in the province as well as the level of dependence on human resources in Districts/Cities who have limited capacity in terms of testing information systems. Therefore, with the presence of the latest web application information system at Diskominfo and Sandi Aceh, it requires system testing to determine the feasibility level of publication of the information system. The testing technique in this study used the VAPT Life Cycle method. Where the VAPT Life Cycle will identify, describe, assess vulnerabilities based on the CVSS (Common Vulnerability Scoring System) and provide solutions for handling vulnerabilities. The vulnerability discovery process in this study uses the Nessus Vulnerability Scanning tool. From the findings there are 4 vulnerabilities, 1 in the high category and 3 in the medium category. This vulnerability data can be used as evaluation material to close or fix existing security holes.
References
Baloch, R. (2017). Ethical hacking and penetration testing guide. CRC Press.
CVSS. (2018). CVSS v3.0 Specification Document. https://www.first.org/cvss/v3.0/specification-document
Febriani, D. L., & Juliani, R. (2022). Strategi Komunikasi Pemerintah Daerah Dalam Mensosialisasikan Informasi Publik Di Kabupaten Aceh Barat. At-Tanzir: Jurnal Ilmiah Prodi Komunikasi Penyiaran Islam, 19–38. https://doi.org/10.47498/tanzir.v13i1.970
Kamilah, I., & Hendri Hendrawan, A. (2019). Analisis Keamanan Vulnerability pada Server Absensi Kehadiran Laboratorium di Program Studi Teknik Informatika. Prosiding Semnastek, 16(0), 1–9. https://jurnal.umj.ac.id/index.php/semnastek/article/view/5233
Ketaren, E. (2016). Cybercrime, Cyber Space, dan Cyber Law. Times, 5(2), 35–42. http://stmik-time.ac.id/ejournal/index.php/jurnalTIMES/article/viewFile/556/126
Kumar, H. (2014). Learning Nessus for Penetration Testing. https://books.google.com/books?id=hhuxAgAAQBAJ&pgis=1
Prasetio, N. (2017). Sistem Informasi Penyewaan Kendaraan Berbasis Web (Studi Kasus Chandra Trans Bali). Jurnal Ilmiah Methonomi, 3(2), 28–29.
Triyana, N., & Eka, A. (2017). Analisis DNS Amplification Attack. Jurnal of Education and Information Communication Technology, 1(1), 17–22.
Yohan, M. (2018). Mengenal Istilah Common Vulnerability Scoring System. https://socs.binus.ac.id/2018/12/13/mengenal-istilah-common-vulnerability-scoring-system/