Implementation of Open Web Application Security Project for Penetration Testing on Educational Institution Websites
DOI:
https://doi.org/10.26555/jiteki.v9i2.25987Keywords:
OWASP, Cybersecurity, Penetration Testing, WebsiteAbstract
The development of information technology cannot be separated from the development of website applications, as well as the threat of security attacks that will attack website applications. Educational Institution X uses a website application as an important medium in learning activities. Therefore, penetration testing is needed to find security holes in website applications. In this study, penetration testing will be carried out with the target website for student access at Educational Institution X based on the reason that there is sensitive student data that needs to be secure. The method used in this study is an experimental method with the OWASP TOP 10 2021 standard (Open Web Application Security Project). The penetration test results obtained on the website application at Educational Institution X found 11 vulnerabilities that could be tested. Of the 11 vulnerabilities, there is one vulnerability at the medium risk level, 7 at the low risk level, and 3 at the information risk level. The vulnerabilities found relate to token authentication, policy delivery, cookie attribute, cross-site script inclusion, authorization, clickjacking, and weak transport layer security. Based on the penetration testing activities obtained, it can be concluded that the vulnerability gaps found need to be further repaired by the website application system developer, in this case, the Educational Institution X. Therefore, the final result of this study is in the form of a report document containing a list of vulnerabilities, recommendations for vulnerability repairs, and vulnerability mitigation strategies as solutions for handling security systems on website applications to make them even better.Downloads
Published
2023-04-19
How to Cite
[1]
N. Sulisnawati and S. Subektiningsih, “Implementation of Open Web Application Security Project for Penetration Testing on Educational Institution Websites”, J. Ilm. Tek. Elektro Komput. Dan Inform, vol. 9, no. 2, pp. 250–267, Apr. 2023.
Issue
Section
Articles
License
Authors who publish with JITEKI agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
This work is licensed under a Creative Commons Attribution 4.0 International License
