Abstract:
Sistem Informasi Akademik dan Pengasuhan (SIAP) is a web application that helps the academic community access information about academics and student care. However, a web application whose code is poorly written during development may contain vulnerabilities. This study aims to determine the vulnerabilities present in SIAP using the OWASP guides and how to fix them. OWASP is the best choice because it is available freely and at no cost on the internet and is periodically updated. Before vulnerability testing, the security level of SIAP is analyzed using OWASP ASVS. The OWASP Testing Guide is then used for vulnerability testing. The tests found that SIAP is vulnerable to injection, broken authentication, and broken access control. Injection is one of the vulnerabilities with the highest risk value. After testing, a code review using the OWASP Code Review Guide is performed to locate the vulnerabilities in the source code. Finally, a secure code recommendation is given to overcome the vulnerabilities found using these guidelines.
Date of Conference: 17-18 October 2020
Date Added to IEEE Xplore: 19 November 2020