Website Vulnerability Testing and Analysis of Website Application Using OWASP

Diah Priyawati, Siti Rokhmah, Ihsan Cahyo Utomo

Abstract

Many businesses, organizations, and social institutions use websites to support their main tasks. The benefits a website provides must be backed by adequate security to protect it from hacking, because attackers who compromise a site can do serious harm, such as obtaining valuable data. A website therefore needs to be tested properly to determine how vulnerable its application features are. For websites, which are distributed over a network, a suitable test is the grey box penetration test. This study performs grey box penetration testing using the OWASP method and the OWASP ZAP tool. The test steps are: collecting information about the test target, performing automated scanning with OWASP ZAP, exploiting the scan results, reporting, and providing recommendations. The results show that the target web application has 12 vulnerabilities: 8.3% at the high level (1 alert), 41.7% at the medium level (5 alerts), 33.3% at the low level (4 alerts), and 16.7% at the informational level (2 alerts). These vulnerabilities relate to A01-Broken Access Control, A03-Injection, A05-Security Misconfiguration, and A08-Software and Data Integrity Failures.
