Abstract
A The Academic Information System plays a crucial role in efficiently managing student, faculty, and campus administration data. However, system security needs to be a primary concern as it is vulnerable to cyber attacks. This research aims to analyze the security of the Academic Information System at the Muhammadiyah Business Institute Bekasi. The research method used is a comprehensive security analysis based on the OWASP framework. The study includes identifying potential vulnerabilities, penetration testing, and system improvement recommendations. Testing is conducted through simulated attacks based on the OWASP-released security risk list (OWASP Top Ten Most Critical Web Application Security Risks). The analysis results indicate that the system is vulnerable to Broken Authentication due to weak passwords, Sensitive Data Exposure due to URLs pointing to direct directories, and Security Misconfiguration due to open protocols. Furthermore, in CVSS scoring, SQL Injection scored 2.6 (Low), Broken Authentication scored 4.8 (Medium), Sensitive Data Exposure and Security Misconfiguration scored 5.3 (Medium), Cross-Site Scripting scored 2.0 (Low), while XXE, Broken Access Control, Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring scored 0.0 (No Vulnerability). Recommendations for future system improvements include regularly updating the system to prevent new security vulnerabilities, tighter server configurations, and routine system monitoring to promptly anticipate suspicious activities.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.