Mahendra, Naufal Aprilian Marsa (2023) Pengujian Celah Keamanan Aplikasi Berbasis Web Menggunakan Framework OWASP WSTG Versi 4.2 di BAPENDA Kabupaten Tulungagung. Other thesis, Institut Teknologi Sepuluh Nopember.
Text: 05311940000007-Undergraduate_Thesis.pdf - Accepted Version. Restricted to Repository staff only until 1 April 2025.
Abstract
Information technology has developed rapidly, and the digital world has changed how people carry out many activities. Easier access to information has not brought only positive effects; it has negative ones as well. Cybercrime has increased along with the ease of access to information and the development of information technology, and crimes such as information theft occur frequently in today's digital world. Websites are one of the means by which people obtain information that is easily accessible over the internet, so the information held on a website must be protected. Information security consists of 3 main aspects: confidentiality, integrity, and availability. An analysis of a website's security gaps is therefore necessary. This process is known as vulnerability testing or, more commonly, penetration testing. In penetration testing, testers use existing security standards to simulate an outsider or intruder trying to break into a network or system. The author therefore proposes testing the web-based application of BAPENDA (Badan Pendapatan Daerah, the Regional Revenue Agency) using the OWASP Web Security Testing Guide Version 4.2. This method was chosen because it sets out detailed testing procedures.

The author uses all categories in the OWASP Web Security Testing Guide Version 4.2 to test for security gaps in the web-based application of BAPENDA (Badan Pendapatan Daerah), including information gathering, configuration and deployment management testing, identity management testing, authentication testing, authorization testing, session management testing, input validation testing, authorization testing, error handling testing, business logic testing, and client-side testing.
Item Type: | Thesis (Other) |
---|---|
Uncontrolled Keywords: | OWASP, Web Security Testing Guide, Information Technology, Information Security, Cyber Crime |
Subjects: | T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing; T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK5105.888 Web sites--Design. Web site development. |
Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information Technology > 59201-(S1) Undergraduate Thesis |
Depositing User: | Naufal Aprilian Marsa Mahendra |
Date Deposited: | 02 Feb 2023 02:57 |
Last Modified: | 02 Feb 2023 02:57 |
URI: | http://repository.its.ac.id/id/eprint/95993 |