Analisis Keamanan Sistem Informasi Akademik Menggunakan Open Web Application Security Project Framework

Abstract

Information system security is one of the important things in the development of technology to protect comprehensive and structured data or information. The Academic Information System (SIA) has a service to receive requests in the form of HTTP or HTTPS protocol website pages from clients called browsers. Intruders can hack websites without the owner's knowledge. This research was conducted to find the vulnerability of SIA STIKES Guna Bangsa Yogyakarta. The framework used is the Open Web Application Security Project (OWASP) which is usually used to evaluate systems or applications. The tools used are WhoIs, SSL Scan, Nmap, and OWASP Zap. The results obtained were finding 12 vulnerabilities with four vulnerabilities at the medium level, namely Absence of Anti-CSRF Tokens, Cross-Domain Misconfiguration, Missing Anti-clickjacking Header, and Vulnerable JS Library, six at the low level namely Cookie Without Secure Flag, Cookie without SameSite Attribute, Cross-Domain JavaScript Source File Inclusion, Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s), Timestamp Disclosure – Unix, and X-Content-Type-Options Header Missing, and two at the informational level namely Content-Type Header Missing and Information Disclosure - Suspicious Comments.