3 research outputs found

    Implementation of Open Web Application Security Project for Penetration Testing on Educational Institution Websites

    The development of information technology cannot be separated from the development of website applications, or from the threat of security attacks against them. Educational Institution X uses a website application as an important medium in learning activities. Therefore, penetration testing is needed to find security holes in the website application. In this study, penetration testing is carried out against the website used for student access at Educational Institution X, because it holds sensitive student data that needs to be secured. The method used is an experimental method following the OWASP Top 10 2021 standard (Open Web Application Security Project). The penetration test of the website application at Educational Institution X found 11 vulnerabilities that could be tested. Of the 11 vulnerabilities, one is at the medium risk level, 7 at the low risk level, and 3 at the information risk level. The vulnerabilities found relate to token authentication, policy delivery, cookie attributes, cross-site script inclusion, authorization, clickjacking, and weak transport layer security. Based on the penetration testing results, it can be concluded that the vulnerabilities found need to be repaired by the developer of the website application system, in this case Educational Institution X. The final result of this study is a report document containing a list of vulnerabilities, recommendations for repairing them, and vulnerability mitigation strategies as solutions for improving the security of the website application.


    Analysis of the security features of a sample of database managers to determine indicators that allow an appropriate choice in SMEs.

    This monographic study develops a conceptual analysis of the characteristics of Database Management Systems [DBMS], emphasizing security as a key aspect of information backup. The study followed a compilation-type methodology in a descriptive mode, through which written information on database management systems was analyzed and characteristics, vulnerability factors and other aspects were established that ultimately allowed the definition of indicators focused on the security of the database managers, for an appropriate choice by MSMEs. A comparative analysis of a hypothetical MSME case established that PostgreSQL is a viable option because of its security features and open-source nature, which allow small and medium-sized companies to back up their information with a manager that has a very good reputation and requires a low monetary investment.