Analisis Keamanan Website Open Journal System Menggunakan Metode Vulnerability Assessment

Penulis

Imam Riadi, Anton Yudhana, Yunanri W

Abstrak

Open Journal System (OJS) merupakan perangkat lunak yang berfungsi sebagai sarana publikasi ilmiah dan digunakan diseluruh dunia. OJS yang tidak dipantau beresiko diserang oleh hacker.  Kerentanan yang di timbulkan oleh hacker akan berakibat buruk terhadap performa dari sebuah OJS.  Permasalahan yang dihadapi pada sistem OJS meliputi network, port discover, proses audit exploit sistem OJS. Proses audit sistem pada OJS mencakup SQL Injection, melewati firewall pembobolan password. Parameter input yang digunakan adalah IP address dan port open access. Metode yang digunakan adalah vulnerability assessment. Yang terdiri dari beberapa tahapan seperti information gathering atau footprinting, scanning vulnerability, reporting. Kegiatan ini bertujuan untuk mengidentifikasi celah keamanan pada website open journal system (OJS). Penelitian ini menggunakan open web application security project (OWASP). Pengujian yang telah dilakukan berhasil mengidentifikasi 70 kerentanan high, 1929 medium, 4050 low pada OJS, Total nilai vulnerability pada OJS yang di uji coba sebesar 6049. Hasil pengujian yang dilakukan menunjukkan bahwa pada OJS versi 2.4.7 memiliki banyak celah kerentanan atau vulnerability, tidak di rekomendasi untuk digunakan. Gunakanlah versi terbaru yang dikeluarkan oleh pihak OJS Public knowledge  project (PKP).

 

Abstract

The Open Journal System (OJS) is A software that functions as a means of scientific publication and is used throughout the world. OJS that is not monitored is at risk of being attacked by hackers. Vulnerabilities caused by hackers will adversely affect the performance of an OJS. The problems faced by the OJS system include the network, port discover, OJS system audit exploit process. The system audit process on the OJS includes SQL Injection, bypassing the firewall breaking passwords. The input parameters used are the IP address and open access port. The method used is a vulnerability assessment. Which consists of several stages such as information gathering or footprinting, scanning vulnerability, reporting. This activity aims to identify security holes on the open journal system (OJS) website. This study uses an open web application security project (OWASP). Tests that have been carried out successfully identified 70 vulnerabilities high, 1929 medium, 4050 low in OJS, the total value of vulnerability in OJS which was tested was 6049. The results of tests conducted showed that in OJS version 2.4.7 had many vulnerabilities or vulnerabilities, not on recommendations for use. Use the latest version issued by the OJS Public Knowledge Project (PKP).


Teks Lengkap:

PDF

Referensi


BARGHUTHI, SALEH, ALSUWAIDI, ALHAMMADI, 2017. Information Technology Trends (ITT). IEEE. “Evaluation of Portable Penetration Testing on Smart Cities Applications Using Raspberry Pi III.” (Itt): 25–26. higher Colleges of Technology Sharjah, United Arab Emirates.

GHANEM dan BELATON, 2013. IEEE.Conference, Ieee International, Computer Sciences, and Universiti Sains. “Improving Accuracy of Applications Fingerprinting on Local Networks Using NMAP-AMAP-ETTERCAP as a Hybrid Framework.”: 403–7. Sechool of Computer Sciences. Universiti Sains Malaysia (USM). Penang. Malaysia.

ELIZABETH dan JIMENEZ, 2016. ITCA-FEPADE. “Pentesting on Web Applications Using Ethical Hacking.” (503). El Salvador.

FIRDAUSY, KARTIKA, SAMADRI, dan YUDHANA. A, 2008. TELKOMNIKA “Sistem Informasi Perpustakaan Berbasis Web Dengan Php Dan Mysql.” TELKOMNIKA (Telecommunication Computing Electronics and Control) 6(2): 109. Program Studi Teknik Elektro. Universitas Ahmad Dahlan Yogyakarta. Indonesia.

AKHOON, GANAIE, dan KHAZIR, 2018. IEEE. “Research Data Management in Open Access Journals by Developed Countries.” 2018 5th International Symposium on Emerging Trends and Technologies in Libraries and Information Services (ETTLIS): 116–20. Department of Lib and Information Science, University of Kashmir.

HAN WU, GAO, ZU, 2018. IEEE “An Assessment Approach of the Power System Vulnerability Considering the Uncertainties of Wind Power Integration.” 2018 China International Conference on Electricity Distribution (CICED) (201804270000656): 741–45. Student Member IEEE.

LETIAN, JIANMING, JING dan GOJUN, 2014. IEEE. “PVDF: An Automatic Patch-Based Vulnerability Description and Fuzzing Method”. School of Computer, Wuhan University, China, Key Lab of Aerospace Information Security and Trusted Computing, Ministry Education, Wuhan University, China

KURNIAWAN, RIADI. I dan LUTHFI, 2017. Internasional Journal of Computer Science and Information Security (IJCSIS). “Forensic Analysis and Prevent of Cross Site Scripting in Single Victim Attack Using Open Web Application Security Project (OWASP) Framework.” Journal of Theoretical and Applied Information Technology 95(6): 1363–71.

Department of Informatics Engineering, Department of Information System, Department of Informatics Engineering. Islamic Univesity of Indonesia, Ahmad Dahlan University Yogyakarta, Indonnesia.

KURNIAWAN. RIADI. I, 2018. IJCSIS. “Security Level Analysis of Academic Information System Based on Standart ISO27002: 2013 Using SSE-CMM.” (January). Department of Informatics Engineering Islamic Univesity of Indonesia Yogyakarta, Indonesia, Department of Information System. Ahmad Dahlan University Yogyakarta, Indonesia.

MANALU, WILLY, dan PRIATNA, 2017. IEEE. Internasional Conference on Eletrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON). “Development of Review Rating and Reporting in Open Journal System.”: 842–45. School of Computer Science, Bina Nusantara University Jakarta, Indonesia.

MUTEMWA, MTSWENI, ZIMBA, 2018. “Integrating a Security Operations Centre with an Organization’ s Existing Procedures, Policies and Information Technology Systems.” 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC): 1–6. Department of Peace, Safety and Security The Council of Scientic and Industrial Resarch Pretoria, South Africa.

NAIK, dan JENKIN, 2018. “Discovering Hackers by Stealth: Predicting Fingerprinting Attacks on Honeypot Systems.” 2018 IEEE International Systems Engineering Symposium (ISSE): 1–8. Defence school of Comunications and Information System Ministry of Defence, United Kingdom.

RIADI. I dan UMAR. R, 2016. PPs UMY. “Analisis Forensik Serangan SQL INJECTION Menggunakan Metode Statis Forensik.”: 102–3. Sistem Informasi, Teknik Informatika, Magister Teknik Infrotmatika. Universitas Ahmad Dahlan Yogyakarta, Indonesia

GORBENKO, ROMANOVSKY, TARASYUK, BILOBORODOY, 2017. IEEE. “Experience Report: Study of Vulnerabilities of Enterprise Operating Systems.”School of Computing, Creative Technologies & Engineering, Leeds Backeet University, Leeds, United Kingdom (UK).

UN, MENG, GAO, BO HU, 2018. IEEE. “Universal Framework for Vulnerability Assessment of Power Grid Based on Complex Networks.”: 136–41. School of Information Science and Engineering, Northeastern University, Shenyang. State Grid Huludao Electric Power Supplay Company, Huludao.

BO WANG, dan XUNTING WANG. 2018. IEEE. “Vulnerability Assessment Method for Cyber Physical Power System Considering Node Heterogeneity.” 2018 IEEE Innovative Smart Grid Technologies - Asia (ISGT Asia): 1109–13. Department of Electrical Engineering, Wuhan University, Wuhan China.

YUDHANA. A., RIADI. I., RIDHO. F, 2018. IJACSA Internasional Journal of Advanced Computer Science and Applications. “DDoS Classification Using Neural Network and Naïve Bayes Methods for Network Forensics.” 9(11): 177–83. Department of Electrical Engineering, Department of Information System, and Department of Informatics Engineering. Universitas Ahmad Dahlan Yogyakarta, Indonesia. Vol 9. No.11.

YUNANRI, RIADI. I, YUDHANA. A, 2018. JURTI “Analisis Deteksi Vulnerability Pada Webserver Open Journal System Menggunakan OWASP Scanner.” Magister Teknik Informatika, Sistem Informasi, Teknik Elektro. Universitas Ahmad Dahlan Yogyakarta, Indonesia. Vol 2, Juni 2018.




DOI: http://dx.doi.org/10.25126/jtiik.2020701928