Security Analysis of XYZ Academic Information System Using Information System Security Assessment Framework (ISSAF)
DOI:
https://doi.org/10.63866/jpst.v1i2.76
Keywords:
Security, Website, System, SIA, ISSAF
Abstract
Academic information system security is a crucial aspect of today's information technology landscape, especially for protecting structured and comprehensive data from various threats. The XYZ Academic Information System (AIS), which provides services over the HTTP or HTTPS protocols, is vulnerable to hacker attacks through security holes that the website owner may not be aware of. This study aims to identify and analyze security vulnerabilities in the AIS and to provide recommendations for raising the level of system security. The ISSAF method is used to evaluate system security. The tools used in the analysis include Whois, SSL Scan, Nmap, OWASP ZAP, and LOIC, which serve to detect and test vulnerabilities on the website. The study found 12 vulnerabilities, consisting of four medium-level vulnerabilities, six moderate-level vulnerabilities, and two information-level vulnerabilities. To improve system security, it is recommended to remediate the vulnerabilities found, especially those at the high and medium levels, and to implement regular security monitoring to prevent future attacks.
License
Copyright (c) 2025 Muhammad Amirul Mu'min, Yana Safitri, Sabarudin Saputra (Author)

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.