EVALUASI KEAMANAN DASAR WEBSITE UNIVERSITAS UDAYANA MENGGUNAKAN SSL LABS DAN SECURITYHEADERS.COM

Authors

  • Kadek Aryana Dwi Putra Universitas Udayana
  • Ni Made Ayu Martiani Universitas Pendidikan Ganesha

DOI:

https://doi.org/10.36595/misi.v9i2.2020

Keywords:

website security, SSL, security headers, SSL Labs, university website

Abstract

Website perguruan tinggi berperan penting sebagai media informasi resmi sehingga aspek keamanan perlu diperhatikan untuk melindungi komunikasi antara pengguna dan server. Penelitian ini bertujuan mengevaluasi keamanan dasar website Universitas Udayana berdasarkan konfigurasi SSL/TLS dan HTTP Security Headers. Metode yang digunakan adalah deskriptif kuantitatif dengan pendekatan audit keamanan menggunakan SSL Labs dan SecurityHeaders.com. Objek penelitian adalah website resmi Universitas Udayana (https://www.unud.ac.id/). Hasil pengujian menunjukkan bahwa website memperoleh grade B dari SSL Labs. Website telah menggunakan sertifikat yang valid, mendukung TLS 1.2 dan TLS 1.3, serta tidak mendukung SSL 2 dan SSL 3. Namun, TLS 1.0 dan TLS 1.1 masih aktif sehingga membatasi nilai keamanan yang diperoleh. Sementara itu, SecurityHeaders.com memberikan grade C. Website telah menerapkan X-Frame-Options, X-Content-Type-Options, dan Referrer-Policy, tetapi belum menerapkan Strict-Transport-Security, Content-Security-Policy, dan Permissions-Policy. Secara umum, keamanan dasar website Universitas Udayana tergolong cukup baik, namun masih memerlukan perbaikan melalui penonaktifan protokol TLS lama dan penguatan security headers untuk meningkatkan perlindungan terhadap berbagai risiko keamanan web.

Downloads

Download data is not yet available.

References

[1] E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.3," Internet Engineering Task Force, RFC 8446, Aug. 2018, doi: 10.17487/RFC8446.

[2] P. Kotzias, A. Razaghpanah, J. Amann, K. G. Paterson, N. Vallina-Rodriguez, and J. Caballero, "Coming of Age: A Longitudinal Study of TLS Deployment," in Proc. ACM Internet Measurement Conference (IMC), Boston, MA, USA, 2018, pp. 415-428, doi: 10.1145/3278532.3278568.

[3] K. Moriarty and S. Farrell, "Deprecating TLS 1.0 and TLS 1.1," Internet Engineering Task Force, RFC 8996, Mar. 2021, doi: 10.17487/RFC8996.

[4] National Institute of Standards and Technology, "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations," NIST Special Publication 800-52 Revision 2, Gaithersburg, MD, USA: NIST, 2019, doi: 10.6028/NIST.SP.800-52r2.

[5] W. J. Buchanan, S. Helme, and A. Woodward, "Analysis of the Adoption of Security Headers in HTTP," IET Information Security, vol. 12, no. 2, pp. 118-126, 2018, doi: 10.1049/iet-ifs.2016.0621.

[6] S. Calzavara, S. Roth, A. Rabitti, M. Backes, and B. Stock, "A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web," in Proc. 29th USENIX Security Symposium, 2020, pp. 683-697.

[7] A. Lavrenovs and F. J. R. Melón, "HTTP Security Headers Analysis of Top One Million Websites," in Proc. 10th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia, 2018, pp. 345-370, doi: 10.23919/CYCON.2018.8405025.

[8] A. Syed, M. Alzahrani, and S. Bradley, "A Comparative Analysis of HTTP Security Header Implementation on Popular Websites," Information, vol. 11, no. 6, p. 291, 2020, doi: 10.3390/info11060291.

[9] D. Chandra, G. Guntoro, and A. Wahyudi, "Analisis Keamanan Website Perguruan Tinggi Menggunakan Metode OWASP," Jurnal Informatika dan Sistem Informasi, vol. 8, no. 2, pp. 95-104, 2022.

[10] National Institute of Standards and Technology, "Securing Web Transactions: TLS Server Certificate Management," NIST Special Publication 1800-16, Gaithersburg, MD, USA: NIST, Jun. 2020, doi: 10.6028/NIST.SP.1800-16.

[11] W3C Web Application Security Working Group, "Permissions Policy," W3C Working Draft, 2022. [Online]. Available: https://www.w3.org/TR/permissions-policy/

[12] I. Alhassan, I. Abba-Dabo, M. S. Umar, and M. Abdullahi, "Security Evaluation of University Websites: A Case Study of Federal Universities in Nigeria," International Journal of Computer Applications, vol. 166, no. 9, pp. 1-7, 2017.

[13] R. Sinha and S. Karmakar, "Evaluating Web Security Headers and SSL/TLS Configurations of Indian Educational Institutions," International Journal of Information Security Science, vol. 10, no. 4, pp. 112-125, 2021.

[14] K. A. D. Putra, I. P. Suhartika, N. P. P. Haryanti, and N. A. S. Pramestisari, "Analisis Pengaruh Kualitas Web Perpustakaan Universitas Udayana Terhadap Kepuasan Pengguna Menggunakan Webqual 4.0," Pustakaloka, vol. 14, no. 2, pp. 148-165, 2022.

[15] K. A. D. Putra, W. Nashihuddin, and F. Hidayatullah, "Analysis of Interface & Information Content of LIPI Botanical Gardens Website Based on Scanmic Model," Record and Library Journal, vol. 7, no. 1, pp. 112-124, 2021.

[16] Qualys SSL Labs, "SSL Server Rating Guide," Qualys, Inc., 2022. [Online]. Available: https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide

[17] S. Helme, "SecurityHeaders.com," 2023. [Online]. Available: https://securityheaders.com

Downloads

Published

08-06-2026

How to Cite

Putra, K. A. D., & Martiani, N. M. A. (2026). EVALUASI KEAMANAN DASAR WEBSITE UNIVERSITAS UDAYANA MENGGUNAKAN SSL LABS DAN SECURITYHEADERS.COM. Jurnal Manajemen Informatika Dan Sistem Informasi, 9(2), 227–236. https://doi.org/10.36595/misi.v9i2.2020

Issue

Vol. 9 No. 2 (2026): MISI Juni 2026

Section

Articles

License

Semua tulisan pada jurnal ini menjadi tanggungjawab penuh penulis.