Web-Based Dashboard for Monitoring Penetration Testing Activities Based on OWASP Standards
DOI:
https://doi.org/10.26555/jiteki.v16i1.17019
Keywords:
OWASP, Cybersecurity, Penetration Testing, Dashboard, Application Security
Abstract
The Financial Services Authority Regulation concerning the Application of Risk Management in the Use of Information Technology by Commercial Banks requires banks to ensure that information security is maintained, which must be done periodically, at least once a year. The most popular way to achieve this is through penetration testing (pentest). To determine whether an application is safe and has successfully passed the pentest, a measurement standard is needed; for web applications specifically, the commonly used standard is OWASP. However, OWASP has a very large list of vulnerabilities, so to simplify monitoring of the pentest process in an organization, a tool is needed that can visualize existing vulnerabilities from various applications so that they are more easily measured, calculated, and monitored during the pentest process. The tool commonly used to present information to managers is a dashboard. The dashboard produced in this research is a monitoring dashboard for pentest activities. It is built with the PHP programming language so that it is web-based, and it uses the OWASP standard up to 2017. The system is also capable of displaying application vulnerabilities based on their frequency of appearance.
License
Authors who publish with JITEKI agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
This work is licensed under a Creative Commons Attribution 4.0 International License