Abstract
This study aims to analyze and evaluate the Insecure Direct Object Reference (IDOR) vulnerability in the thesis registration web application at XYZ University, and to provide recommendations for improving the security of students' personal data. The IDOR vulnerability allows unauthorized access to students' personal documents, which jeopardizes privacy and information security. Using an action research methodology consisting of four stages (diagnosis, action taking, evaluation, and learning), this research identifies the URL patterns generated when students upload documents such as ID cards, family cards, birth certificates, diplomas, and photos. During the action-taking phase, the researcher tests the vulnerability with Burp Suite by modifying URL parameters according to the identified patterns. The testing results indicate that every document can be accessed without proper authorization, with an HTTP status code of 200 indicating successful access. These findings underscore the need for stricter security measures in the thesis registration application to protect students' personal data. The implications of this research highlight the importance of implementing tighter access controls and better input validation in higher education applications to prevent future data leaks. This study makes a significant contribution to enhancing information security within educational environments.
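The abstract describes the root cause of the finding: the application serves a document based purely on the identifier in the URL and never ties that identifier to the logged-in student. The following is an added illustration, not code from the paper or from the XYZ University application, showing that pattern as a minimal handler beside two defensive fixes (an ownership check bound to the session identity, and per-session indirect references that keep database ids out of URLs), plus a log-replay check a defender can use to find past cross-owner reads. The document store, student numbers, ids, paths and log entries are all constructed for the example.

```python
"""Added example (not the paper's code): an IDOR-prone document endpoint,
two hardened alternatives, and a detection helper. All data is constructed."""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Document:
    doc_id: int
    owner_nim: str   # student number of the uploader (constructed value)
    kind: str        # e.g. "id_card", "diploma"
    path: str


# Constructed sample store: sequential ids, two students.
DOCUMENTS: Dict[int, Document] = {
    101: Document(101, "2021001", "id_card", "/uploads/2021001/id_card.pdf"),
    102: Document(102, "2021001", "diploma", "/uploads/2021001/diploma.pdf"),
    201: Document(201, "2021002", "id_card", "/uploads/2021002/id_card.pdf"),
}

Response = Tuple[int, Optional[Document]]   # (HTTP status, body)


def get_document_vulnerable(session_nim: Optional[str], doc_id: int) -> Response:
    """The pattern the study found: the id from the URL is trusted as-is,
    so any caller receives 200 for any existing document."""
    doc = DOCUMENTS.get(doc_id)
    return (404, None) if doc is None else (200, doc)


def get_document_owner_checked(session_nim: Optional[str], doc_id: int) -> Response:
    """Fix 1: authorization is decided by the session identity, never by the URL.
    A foreign id gets 404 rather than 403 so the response does not confirm
    that the id exists (that confirmation is what makes enumeration cheap)."""
    if session_nim is None:
        return 401, None
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc.owner_nim != session_nim:
        return 404, None
    return 200, doc


class IndirectReferenceMap:
    """Fix 2: per-session random handles replace database ids in URLs, so
    sequential ids never leave the server and there is no pattern to guess."""

    def __init__(self) -> None:
        self._handles: Dict[str, Dict[str, int]] = {}   # session_nim -> handle -> doc_id

    def handle_for(self, session_nim: str, doc_id: int) -> Optional[str]:
        """Issue a handle only for a document the session owns; None otherwise."""
        doc = DOCUMENTS.get(doc_id)
        if doc is None or doc.owner_nim != session_nim:
            return None
        handle = secrets.token_urlsafe(16)
        self._handles.setdefault(session_nim, {})[handle] = doc_id
        return handle

    def resolve(self, session_nim: str, handle: str) -> Response:
        """Handles are scoped to the session that received them, and the
        owner check from fix 1 is still applied as defence in depth."""
        doc_id = self._handles.get(session_nim, {}).get(handle)
        if doc_id is None:
            return 404, None
        return get_document_owner_checked(session_nim, doc_id)


def flag_cross_owner_reads(access_log: List[Tuple[str, int, int]]) -> List[Tuple[str, int]]:
    """Detection: replay an access log of (session_nim, doc_id, status) and
    return every successful read of a document the session does not own."""
    flagged = []
    for session_nim, doc_id, status in access_log:
        doc = DOCUMENTS.get(doc_id)
        if status == 200 and doc is not None and doc.owner_nim != session_nim:
            flagged.append((session_nim, doc_id))
    return flagged


# Constructed log: student 2021002 read its own id card and two foreign documents.
SAMPLE_LOG = [
    ("2021001", 101, 200),
    ("2021002", 101, 200),
    ("2021002", 102, 200),
    ("2021002", 201, 200),
]

if __name__ == "__main__":
    print("vulnerable:", get_document_vulnerable("2021002", 101)[0])      # 200
    print("owner-checked:", get_document_owner_checked("2021002", 101)[0])  # 404
    print("cross-owner reads:", flag_cross_owner_reads(SAMPLE_LOG))
```

The owner-checked handler is the minimal fix for the finding in the abstract; the indirect reference map is the stronger option when the application cannot avoid exposing a reference at all. Returning 404 for foreign ids, rather than 403, keeps the status code from acting as an existence oracle. The log-replay helper assumes the server logs the session identity alongside the requested id, which is also the precondition for alerting on this class of access in production.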