Vulnerability Assessment for Basic Data of Education Website in Regional Government X – A Black Box Testing Approach

Authors

  • Atho Novian Awlarijal School of Industrial and System Engineering, Telkom University, Bandung - INDONESIA
  • Ahmad Almaarif School of Industrial and System Engineering, Telkom University, Bandung - INDONESIA
  • Avon Budiono School of Industrial and System Engineering, Telkom University, Bandung - INDONESIA

Keywords:

information, security, web application, vulnerability assessment, black box testing

Abstract

Technology is developing ever more rapidly in the current era. One example is that information is no longer spread through print media but through web media. The Department of Education in Regional Government X uses its website to disseminate information to outside parties, and uses the web to manage basic data of education (Dapodik). In the current era, information is crucial. According to the Open Web Application Security Project (OWASP) in 2017, several vulnerabilities often occur on websites, such as injection flaws, sensitive data exposure, and cross-site scripting (XSS). These vulnerabilities can allow an attacker to exploit the system and retrieve information or important data from the web. Therefore, security must be ensured to maintain the integrity of the information on the website. One way to maintain the integrity of information on a website is to conduct a vulnerability assessment. Vulnerability assessment is a series of actions to identify and analyze possible security vulnerabilities in a system (ISACA, 2017). This paper presents a black box testing approach to vulnerability assessment of a web application, analyzing it with a combined set of tools to detect vulnerabilities. The black box testing uses OWASP-ZAP and OpenVAS for vulnerability scanning.

References

Andress, Jason. 2014. The Basics of Information Security Second Edition. Waltham: Syngress.

APJII. 2017. "Infografis Penetrasi & Perilaku Pengguna Internet Indonesia." APJII. Available at: https://apjii.or.id/survei2017/download/brDi5U0PaVndoR9vfu8msNG1gEAzCQ Accessed on December 1, 2019.

Awang, Nor Fatimah, and Azizah Abd Manaf. 2013. "Detecting Vulnerabilities in Web Applications Using and Automated Black Box and Manual Penetration Testing." CCIS 381, 230-239.

Doshi, Jignesh, and Bhushan Trivedi. 2015. "Comparison of Vulnerability Assessment and Penetration Testing." International Journal of Applied Information Systems (IJAIS) 8, 51-54.

ISACA. 2017. Vulnerability Assessment. Rolling Meadows: ISACA.

Khan, Mohd. Ehmer, and Farmeena Khan. 2012. "A Comparative Study of White Box, Black Box and Grey Box Testing Techniques." International Journal of Advanced Computer Science and Applications (IJACSA), 12-15.

Minister of Education and Culture. 2015. Peraturan Menteri Pendidikan dan Kebudayaan Nomor 79. Jakarta: Minister of Education and Culture.

National Institute of Standards and Technology. 2012. NIST Special Publication 800-30 Revision 1 - Guide for Conducting Risk Assessments. Gaithersburg: National Institute of Standards and Technology.

Nieles, Michael, Kelley Dempsey, and Victoria Yan Pillitteri. 2017. NIST Special Publication 800-12 Revision 1 - An Introduction to Information Security. Gaithersburg: National Institute of Standards and Technology.

OWASP. 2017a. "Category:OWASP Top Ten Project." Available at: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project. Accessed on December 1, 2019.

OWASP. 2017b. "OWASP Top 10 2017." OWASP. Available at: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf. Accessed on December 1, 2019.

OWASP. 2019. Talk: OWASP Vulnerability Management Guide. May 1. Available at: https://www.owasp.org/index.php/Talk:OWASP_Vulnerability_Management_Guide#OWASP_Vulnerability_Management_Guide_v.1. Accessed on December 1, 2019.

Published

2021-04-22

Issue

Section

FoITIC 2020