Undergraduate Thesis/Final Project
Website Security Evaluation Using the Vulnerability Assessment Method on the Dipa Makassar Campus Website
ABSTRACT
In today's digital era, campus websites store sensitive information such as student, faculty, and staff data, which is vulnerable to security threats. Protecting this information from unauthorized access or hacking is essential to maintain data privacy and integrity. Threats to campus websites can damage the reputation of educational institutions, cause downtime, and disrupt campus operations, especially in academic and administrative services. This research aims to evaluate the security of the Dipa Makassar Campus website and identify risks such as Injection, Insecure Design, and Security Misconfiguration. The method used is Vulnerability Assessment, which includes identifying, analyzing, and mitigating system vulnerabilities. Data was collected with the tools OWASP ZAP, Uniscan, WHOIS, WhatWeb, Nmap, WAFW00F, and sqlmap by scanning the URL of the Dipa Makassar Campus website both automatically and manually. The evaluation results indicate vulnerabilities such as SQL injection, CSP header not set, missing anti-clickjacking header, vulnerable JS library, absence of anti-CSRF token, Strict-Transport-Security header not set, cookie without HttpOnly flag, cookie without Secure flag, cookie without SameSite attribute, and X-Content-Type-Options header missing. This evaluation is effective in identifying security weaknesses and provides guidance for the UNDIPA campus to take concrete steps to improve website security and protect the sensitive data stored.
Keywords: Vulnerability Assessment, OWASP ZAP, Uniscan, SQL Injection, CSP Header
Universitas DIPA Makassar
© 2024 — Perpustakaan UNDIPA Makassar - SLiMS