Vulnerability Assessment Method for Website Security
DOI: https://doi.org/10.56705/ijonit.v1i2.169
Keywords: Vulnerability Assessment, OWASP ZAP, Cross-site Scripting, Account Takeover, Website Security
Abstract
Website security is crucial in today’s digital era, in which websites serve as a primary medium for information and communication. The same applies to the Studio FIKOM UMI website used by the Faculty of Computer Science at Universitas Muslim Indonesia. This study aims to evaluate the security posture of the Studio FIKOM UMI website against cyberattacks and to identify the attack vectors most likely to target the site. The research adopts a Vulnerability Assessment methodology to analyze, identify, and categorize the risk levels of vulnerabilities discovered in the existing networked system. Information was gathered from multiple sources: websites, journals, scholarly works, books, and online resources. The method is applied to uncover vulnerabilities present on the Studio FIKOM UMI website. The assessment revealed vulnerabilities based on alerts from OWASP ZAP scanning, including: Vulnerable JavaScript Library, X-Frame-Options header not set, absence of anti-CSRF tokens, cookies without the HttpOnly flag, cookies without the SameSite attribute, cross-domain JavaScript source inclusion, incomplete or missing Cache-Control/Pragma headers, X-Powered-By response header exposed, and missing X-Content-Type-Options header. The overall risk ratings comprised medium risk (4 findings) and low risk (7 findings). In terms of confidence, there were medium-confidence (8 findings) and high-confidence (3 findings) alerts. Based on validation of the OWASP ZAP findings, two items map to the OWASP Top 10: Broken Access Control (risk: medium, confidence: high) and Cross-Site Scripting (XSS) (risk: medium, confidence: medium). Consequently, the most plausible attack scenarios include cross-site scripting and account takeover.
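As an added illustration (not part of the paper or of OWASP ZAP), the following passive audit reproduces the header- and cookie-level alerts the abstract lists, run over a constructed "before" response of the kind the scan reported and a constructed "after" response with the corresponding mitigations applied. Alert wording follows the abstract rather than ZAP's exact rule names; body-dependent checks (anti-CSRF tokens, cross-domain scripts, vulnerable JS libraries) are out of scope because they need the HTML.

```python
"""Passive HTTP response audit for the header/cookie findings named in the
abstract. Sample responses below are constructed, not the study's scan data."""
from typing import Dict, List


def audit_response(headers: Dict[str, str], set_cookies: List[str]) -> List[str]:
    """Return alert names (worded as in the abstract) for one HTTP response.

    headers: response header name -> value, compared case-insensitively.
    set_cookies: raw Set-Cookie values, one per cookie.
    """
    h = {k.lower(): v for k, v in headers.items()}
    alerts = []
    csp = h.get("content-security-policy", "").lower()
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        alerts.append("X-Frame-Options header not set")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        alerts.append("Missing X-Content-Type-Options header")
    if "x-powered-by" in h:
        alerts.append("X-Powered-By response header exposed")
    # Simplified cache check: all three directives plus Pragma: no-cache.
    cc = {d.strip() for d in h.get("cache-control", "").lower().split(",")}
    if (not {"no-cache", "no-store", "must-revalidate"} <= cc
            or h.get("pragma", "").strip().lower() != "no-cache"):
        alerts.append("Incomplete or missing Cache-Control/Pragma headers")
    for raw in set_cookies:
        name = raw.split("=", 1)[0].strip()
        attrs = {p.strip().split("=", 1)[0].lower() for p in raw.split(";")[1:]}
        if "httponly" not in attrs:
            alerts.append(f"Cookie without HttpOnly flag: {name}")
        if "samesite" not in attrs:
            alerts.append(f"Cookie without SameSite attribute: {name}")
    return alerts


# Constructed "before" response: the shape of the findings in the abstract.
WEAK_HEADERS = {"Content-Type": "text/html; charset=utf-8",
                "X-Powered-By": "ExampleFramework/1.0",  # constructed value
                "Cache-Control": "private"}
WEAK_COOKIES = ["SESSIONID=constructed-sample; Path=/"]

# Constructed "after" response with the mitigations applied.
HARDENED_HEADERS = {"Content-Type": "text/html; charset=utf-8",
                    "X-Frame-Options": "DENY",
                    "X-Content-Type-Options": "nosniff",
                    "Cache-Control": "no-cache, no-store, must-revalidate",
                    "Pragma": "no-cache"}
HARDENED_COOKIES = ["SESSIONID=constructed-sample; Path=/; Secure; HttpOnly; SameSite=Lax"]

if __name__ == "__main__":
    for label, hd, ck in (("weak", WEAK_HEADERS, WEAK_COOKIES),
                          ("hardened", HARDENED_HEADERS, HARDENED_COOKIES)):
        print(label, audit_response(hd, ck) or ["no alerts"])
```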