DETEKSI SERANGAN VULNERABILITY PADA OPEN JURNAL SYSTEM MENGGUNAKAN METODE BLACK-BOX

  • Yunanri W
  • Rodi anto Universitas Teknologi Sumbawa
  • Doddy Teguh Yuwono
  • Yuliadi Yuliadi

Abstract

Pengujian penetration testing adalah serangkaian kegiatan yang dilakukan untuk mengidentifikasi dan mengeksploitasi kerentanan keamanan. Penetration testing merupakan pengujian pada sistem yang memiliki elemen yang bersifat kritis membahayakan apalikasi Open Journal System (OJS) yang berjalan pada internet. Metodologi menggunakan metdoe Blackbox dimana, proses pengujian dilakukan untuk mengetahui tingkat kesalahan yang bersifat kritis pada perangkat lunak, mencakup tiga fase: persiapan pengujian, tes dan analisis tes. Tahap uji coba melibatkan langkah-langkah berikut: pengumpulan informasi, analisis kerentanan, dan kerentanan mengeksploitasi. Pengujian Penetration testing. Pengujian yang telah dilakukan mengidetifikasi 1 kerentanan high risk, 7 kerentanan medium risk, 90 pada kerentanan low risk pada ojs. Total vulnerability pada pengujian berjumlah 98 vulnerability file sistem dengan tambahan informasi 1043 file sistem untuk ditindaklanjuti dalam perbaikan.  

References

[1] Z. Yang, “A NEW METHOD FOR VULNERABILITY ANALYSIS AND APPLICATION IN RURAL DWELLINGS,” 2019 Symp. Piezoelectrcity,Acoustic Waves Device Appl., no. 1, pp. 1–4, 2019.
[2] A. Mendoza and G. Gu, “Mobile Application Web API Reconnaissance : Web-to-Mobile Inconsistencies & Vulnerabilities,” 2018 IEEE Symp. Secur. Priv., pp. 756–769, 2018.
[3] J. Hu et al., “A Memory-Related Vulnerability Detection Approach Based on Vulnerability Features,” vol. 25, no. 5, pp. 604–613, 2020.
[4] N. Naik, P. Jenkins, N. Savage, and L. Yang, “Cyberthreat Hunting - Part 2 : Tracking Ransomware Threat Actors using Fuzzy Hashing and Fuzzy C-Means Clustering,” 2019 IEEE Int. Conf. Fuzzy Syst., pp. 1–6, 2019.
[5] R. Madhusudhan, “Cross Channel Scripting ( XCS ) Attacks in Web Applications : Detection and Mitigation Approaches,” 2018 2nd Cyber Secur. Netw. Conf., pp. 1–3, 2018.
[6] L. Pang, M. Yu, W. Yi, G. Jiang, W. Liu, and Z. Jiang, “Relativity Analysis-Based Error Concealment Algorithm for Entire Frame Loss of Stereo Video,” 2006.
[7] S. Q. R. Codes, M. Yuan, S. Member, K. Liu, and S. Singamaneni, “Self-Powered Forward Error-Correcting Biosensor Based on Integration of Paper-Based Microfluidics,” pp. 1–9, 2016.
[8] A. Schr and N. Bettenburg, “Do Stack Traces Help Developers Fix Bugs ?,” pp. 118–121, 2010.
[9] E. Crifasi, S. Pike, and Z. Stuedemann, “Cloud-Based Source Code Security and Vulnerabilities Analysis Tool for C / C ++ Software Systems,” 2018 IEEE Int. Conf. Electro/Information Technol., pp. 651–654, 2018.
[10] M. Almousa, N. C. A, and T. State, “Predictive Analytics,” 2019 17th Int. Conf. Privacy, Secur. Trust, pp. 1–3, 2019.
[11] A. Alzahrani, A. Alqazzaz, H. Fu, and N. Almashfi, “Web Application Security Tools Analysis,” 2017.
[12] R. A. Khan, “Evaluating Performance of Web Application Security Through a Fuzzy Based Hybrid Multi-Criteria Decision-Making Approach: Design Tactics Perspective,” vol. 8, 2020.
[13] S. Tyagi, “Evaluation of Static Web Vulnerability Analysis Tools,” 2018 Fifth Int. Conf. Parallel, Distrib. Grid Comput., pp. 1–6, 2018.
[14] A. Shukla, B. Katt, and L. O. Nweke, “Vulnerability Discovery Modelling With Vulnerability Severity,” 2019.
[15] L. K. Shar, D. Bianculli, L. Briand, and J. Thom, “An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving,” vol. 5589, no. c, pp. 1–33, 2018.
[16] C. Ping, “A second-order SQL injection detection method,” pp. 1792–1796, 2017.
Published
2021-04-19
How to Cite
W, Yunanri et al. DETEKSI SERANGAN VULNERABILITY PADA OPEN JURNAL SYSTEM MENGGUNAKAN METODE BLACK-BOX. Jurnal Informatika dan Rekayasa Elektronik, [S.l.], v. 4, n. 1, p. 68 - 77, apr. 2021. ISSN 2620-6900. Available at: <https://e-journal.stmiklombok.ac.id/index.php/jire/article/view/365>. Date accessed: 13 may 2021. doi: https://doi.org/10.36595/jire.v4i1.365.