Web-Based Dashboard for Monitoring Penetration Testing Activities Based on OWASP Standards

Yansyah Saputra Wijaya

Abstract


The Financial Services Authority Regulation concerning the Application of Risk Management in the Use of Information Technology by Commercial Banks requires banks to ensure and maintain information security, which must be done periodically, at least once a year. The most popular way to achieve security is through penetration testing (pentest). To determine whether an application is safe and has passed the pentest, a measurement standard is needed; for web applications specifically, the standard commonly used is OWASP. However, OWASP has a very large list of vulnerabilities, so to simplify monitoring of the pentest process in an organization, a tool is needed that can visualize existing vulnerabilities from various applications so that they can be more easily measured, calculated, and monitored during the pentest process. The tool commonly used to present information to managers is a dashboard. The dashboard produced in this research is a dashboard for monitoring pentest activities. It is built with the PHP programming language, so it is web-based, and it uses the OWASP standard up to 2017. The system is also capable of displaying application vulnerabilities based on their frequency of appearance.


Keywords


OWASP, Cybersecurity, Penetration Testing, Dashboard, Application Security





DOI: http://dx.doi.org/10.26555/jiteki.v16i1.17019



Jurnal Ilmiah Teknik Elektro Komputer dan Informatika (JITEKI)
ISSN 2338-3070 (print) | 2338-3062 (online)
Organized by Electrical Engineering Department - Universitas Ahmad Dahlan
Published by Universitas Ahmad Dahlan
Website: http://journal.uad.ac.id/index.php/jiteki
Email 1: jiteki@ee.uad.ac.id (publication issues)
Email 2: sonali@ee.uad.ac.id (info and paper handling issues)


This work is licensed under a Creative Commons Attribution 4.0 International License

