Implementation of Open Web Application Security Project for Penetration Testing on Educational Institution Websites

Sulisnawati, Nani and Subektiningsih, Subektiningsih (2023) Implementation of Open Web Application Security Project for Penetration Testing on Educational Institution Websites. Jurnal Ilmiah Teknik Elektro Komputer dan Informatika (JITEKI), 9 (2). pp. 250-267. ISSN 2338-3070

Abstract

The development of information technology is inseparable from the development of website applications and from the security threats that target them. Educational Institution X uses a website application as an important medium in learning activities, so penetration testing is needed to find security holes in it. In this study, penetration testing is carried out against the website used for student access at Educational Institution X, because it holds sensitive student data that needs to be secured. The method used is an experimental method following the OWASP (Open Web Application Security Project) Top 10 2021 standard. The penetration test of the website application at Educational Institution X found 11 vulnerabilities that could be tested: one at the medium risk level, 7 at the low risk level, and 3 at the information risk level. The vulnerabilities relate to token authentication, policy delivery, cookie attributes, cross-site script inclusion, authorization, clickjacking, and weak transport layer security. Based on the penetration testing activities, it can be concluded that the vulnerabilities found need to be repaired by the developer of the website application system, in this case Educational Institution X. The final result of this study is therefore a report document containing a list of vulnerabilities, recommendations for repairing them, and vulnerability mitigation strategies as solutions for improving the security of the website application.

Item Type: General Article
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Division / Study Program: Faculty of Industrial Technology (Fakultas Teknologi Industri) > S1-Electrical Engineering (S1-Teknik Elektro)
Depositing User: M.Eng. Alfian Ma'arif
Date Deposited: 02 May 2023 02:17
Last Modified: 02 May 2023 02:17
URI: http://eprints.uad.ac.id/id/eprint/43077
