Security Analysis of the Her-registration College Students Online Application of Diponegoro University

DOI: https://doi.org/10.14710/jtsiskom.4.3.2016.479-484
Copyright (c) 2016 Jurnal Teknologi dan Sistem Komputer

Article Info
Submitted: 2016-07-22
Published: 2016-08-21
Section: Articles
The security aspect is often forgotten in the application of Information Technology. Attacks made possible by developer negligence cause damage to the system in use. SQL Injection attacks, Cross Site Scripting attacks, and the absence of encrypted channels lead to the exposure of users' sensitive data. The objective of this research is to perform an audit and analysis of the security aspects of the Her-registration College Students Online Application of Diponegoro University. The audit and security analysis is a preventive step, so that the vulnerabilities found do not become entry points into the system for hackers. The result of this research is a security audit report that contains the vulnerabilities of the Her-registration College Students Online Application of Diponegoro University. The audit report will be used as a reference by the developers of the Her-registration College Students Online Application of Diponegoro University to improve the system.

Keywords

security; web application; SQL injection; XSS; Acunetix

  1. Hilal Afrih Juhad 
    Program Studi Sistem Komputer, Universitas Diponegoro, Indonesia
  2. R. Rizal Isnanto 
    Program Studi Sistem Komputer, Universitas Diponegoro, Indonesia
  3. Eko Didik Widianto 
    Program Studi Sistem Komputer, Universitas Diponegoro, Indonesia