
UTILIZATION OF THE WAVS (WEB APPLICATION SECURITY SCANNERS) METHOD USING BURP SUITE TOOLS IN A TECHNICAL SECURITY AUDIT OF THE ASSIGNMENT LETTER INFORMATION SYSTEM OF SEKOLAH VOKASI UNDIP

*Arkhan Subari  -  STr. Teknik Listrik Industri, Sekolah Vokasi, Universitas Diponegoro, Indonesia
Saiful Manan  -  STr. Teknik Listrik Industri, Sekolah Vokasi, Universitas Diponegoro, Indonesia
Eko Ariyanto  -  STr. Teknik Listrik Industri, Sekolah Vokasi, Universitas Diponegoro, Indonesia
Adnan Fauzi  -  Teknik Komputer, Fakultas Teknik, Universitas Diponegoro, Indonesia

Abstract
An official travel assignment letter is a type of assignment letter that an employee needs in order to carry out work assignments. In many cases, the assignment letter information system is built with web programming. In web programming there are two methods for sending data from client to server: the POST method and the GET method. Information security is an important aspect that needs to be considered when designing an information system. Many attackers spy on information system data daily. Usually the attacker uses loopholes in the data transmission method to attack the system. Many techniques are used to attack information systems, such as WAVs (Web Application Security Scanners). WAVs is a program that is used to find security holes in web-based information systems using several methods, such as XSS, SQL Injection, Intercept and Bruteforce. One program that can be used is Burp Suite. Burp Suite is often used by security auditors, researchers, and testers to analyze different systems. Burp's core functionality is to intercept and display HTTP requests in a structured manner. The Vocational School of Diponegoro University has developed an information system that is used to manage this assignment letter. The information system is designed as a web-based application. However, the system's security level has never been technically audited. Therefore, a technical security audit of the information system is necessary so that its level of security can be ascertained and corrective steps can be taken if security holes are found. This study is intended to conduct a technical audit of the security of the UNDIP Vocational School assignment letter information system. The audit was conducted using the WAVs (Web Application Security Scanners) method with the Burp Suite application. The results of the brute-force test using Burp Suite showed that there was no suitable password. However, the fact that an attacker can attack 30,0006 times is a weakness that needs to be fixed.
Keywords: technical audit; information security; WAVs (Web Application Security Scanners); bruteforce; Burpsuite;
