Sunardi, Sunardi (2019) similarity-sunardi-0521057401-C.1.1-Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework. IJACSA (International Journal of Advanced Computer Science and Applications), 10 (11). pp. 135-143. ISSN ISSN : 2156-5570 (Online), ISSN : 2158-107X (Print)
![[thumbnail of Similarity-C.1.1-Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework.pdf]](http://eprints.uad.ac.id/style/images/fileicons/text.png) |
Text
Similarity-C.1.1-Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework.pdf Download (2MB) |
|
Text
Paper-C.1.1-Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework.pdf Download (685kB) |
Abstract
This paper reports on security concerns in the Evoting used for the election of village heads. Analysis of the
system and server uses two different tools to determine the
accuracy of scanning vulnerabilities based on the OWASP
Framework. We reported that the results of the scanning using
the ZAP tool got vulnerability information with the following
risk level, one high level, three medium levels, and eleven low
levels. The Arachni tool got vulnerability information with the
following risk level, one high level, three medium levels, and two
low levels. ZAP has a more complex vulnerability view than
Arachni. Fatal findings on E-voting in this E-voting system is
XSS, which impacts clients, which can be exploited by attackers
to bypass security. Directory Traversal allows attackers to access
directories and can execute commands outside of the web
server’s base directory. Cyber Hiscox Readiness report in 2018 in
several European countries such as The United States, Britain,
Germany, Spain, and the Netherlands, that the Attackers target
through the most vulnerable security holes such as injection,
Broken Authentication, Sensitive Data Exposure, XXE, Merged,
Security Misconfiguration, XSS, Insecure Deserialization, Using
Components with Known Vulnerabilities, Insufficient Logging,
and Monitoring. The purpose of cyberattacks alone can threaten
the stability of the country and disturb other factors. E-voting, as
part of an electronic government system, needs to be audited in
terms of security, which can cause the system to disrupt.
| Item Type: | Artikel Umum |
|---|---|
| Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
| Divisi / Prodi: | Faculty of Industrial Technology (Fakultas Teknologi Industri) > S1-Electrical Engineering (S1-Teknik Elektro) |
| Depositing User: | SUNARDI |
| Date Deposited: | 26 Jan 2021 01:39 |
| Last Modified: | 26 Jan 2021 01:39 |
| URI: | http://eprints.uad.ac.id/id/eprint/22085 |
Actions (login required)
 |
View Item |