Abstract

The Academic Information System plays a crucial role in efficiently managing student, faculty, and campus administration data. However, system security needs to be a primary concern, as the system is vulnerable to cyber attacks. This research aims to analyze the security of the Academic Information System at the Muhammadiyah Business Institute Bekasi. The research method used is a comprehensive security analysis based on the OWASP framework. The study includes identifying potential vulnerabilities, penetration testing, and system improvement recommendations. Testing is conducted through simulated attacks based on the OWASP-released security risk list (OWASP Top Ten Most Critical Web Application Security Risks). The analysis results indicate that the system is vulnerable to Broken Authentication due to weak passwords, Sensitive Data Exposure due to URLs pointing to direct directories, and Security Misconfiguration due to open protocols. Furthermore, in CVSS scoring, SQL Injection scored 2.6 (Low), Broken Authentication scored 4.8 (Medium), Sensitive Data Exposure and Security Misconfiguration scored 5.3 (Medium), Cross-Site Scripting scored 2.0 (Low), while XXE, Broken Access Control, Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring scored 0.0 (No Vulnerability). Recommendations for future system improvements include regularly updating the system to prevent new security vulnerabilities, tighter server configurations, and routine system monitoring to promptly anticipate suspicious activities.
