Vulnerability Testing and Analysis on Websites and Web-Based Applications in the XYZ Faculty Environment Using Acunetix Vulnerability

Mifthahul Rahmi (1), Yuhandri Yunus (2), Sumijan Sumijan (3)
(1) Universitas Putra Indonesia (UPI) YPTK
(2) Universitas Putra Indonesia (UPI) YPTK
(3) Universitas Putra Indonesia (UPI) YPTK
How to cite (IJASEIT):
Rahmi, M., Yunus, Y., & Sumijan, S. (2024). Vulnerability Testing and Analysis on Websites and Web-Based Applications in the XYZ Faculty Environment Using Acunetix Vulnerability. JITCE (Journal of Information Technology and Computer Engineering), 8(2), 83–96. https://doi.org/10.25077/jitce.8.2.83-96.2024




The internet's continuous evolution has profoundly impacted society through the advancement of website technology and applications, reshaping contemporary ways of life. These digital platforms offer unrestricted information access, overcoming spatial and temporal limitations. In the realm of software development, Vulnerability Assessment is essential for producing high-quality products, as seemingly minor errors can create dangerous vulnerabilities that malicious actors may exploit to pilfer information from websites or applications. This study examines the security level of the Integrated website and application within the Faculty of Medicine, Universitas Andalas (Fakultas XYZ) environment, utilizing the Acunetix Web Vulnerability Scanner tool. The initial scan revealed a threat level of 3 (high) for the Fakultas XYZ website and level 2 (medium) for the Integrated application. Following a recapitulation process, several web alerts were identified for optimization, including Cross-Site Scripting (XSS), Blind SQL Injection, Application error message, HTML form without CSRF protection, Development configuration file, Directory listing, Error message on page, and User credentials sent in clear text. The optimization process involved source code review and enhancement to improve website features. A subsequent scan post-optimization demonstrated a reduction in threat levels for both the website and the UNAND FK Symphony application, with both achieving threat level 1 (low).






1. License

The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

