Implementation of Open Web Application Security Project for Penetration Testing on Educational Institution Websites

The development of information technology cannot be separated from the development of website applications, as well as the threat of security attacks that will attack website applications. Educational Institution X uses a website application as an important medium in learning activities. Therefore, penetration testing is needed to find security holes in website applications. In this study, penetration testing will be carried out with the target website for student access at Educational Institution X based on the reason that there is sensitive student data that needs to be secure. The method used in this study is an experimental method with the OWASP TOP 10 2021 standard (Open Web Application Security Project). The penetration test results obtained on the website application at Educational Institution X found 11 vulnerabilities that could be tested. Of the 11 vulnerabilities, there is one vulnerability at the medium risk level, 7 at the low risk level, and 3 at the information risk level. The vulnerabilities found relate to token authentication, policy delivery, cookie attribute, cross-site script inclusion, authorization, clickjacking, and weak transport layer security. Based on the penetration testing activities obtained, it can be concluded that the vulnerability gaps found need to be further repaired by the website application system developer, in this case, the Educational Institution X. Therefore, the final result of this study is in the form of a report document containing a list of vulnerabilities, recommendations for vulnerability repairs, and vulnerability mitigation strategies as solutions for handling security systems on website applications to make them even better

Implementation of Open Web Application Security Project for Penetration Testing on Educational Institution Websites

The development of information technology cannot be separated from the development of website applications, as well as the threat of security attacks that will attack website applications. Educational Institution X uses a website application as an important medium in learning activities. Therefore, penetration testing is needed to find security holes in website applications. In this study, penetration testing will be carried out with the target website for student access at Educational Institution X based on the reason that there is sensitive student data that needs to be secure. The method used in this study is an experimental method with the OWASP TOP 10 2021 standard (Open Web Application Security Project). The penetration test results obtained on the website application at Educational Institution X found 11 vulnerabilities that could be tested. Of the 11 vulnerabilities, there is one vulnerability at the medium risk level, 7 at the low risk level, and 3 at the information risk level. The vulnerabilities found relate to token authentication, policy delivery, cookie attribute, cross-site script inclusion, authorization, clickjacking, and weak transport layer security. Based on the penetration testing activities obtained, it can be concluded that the vulnerability gaps found need to be further repaired by the website application system developer, in this case, the Educational Institution X. Therefore, the final result of this study is in the form of a report document containing a list of vulnerabilities, recommendations for vulnerability repairs, and vulnerability mitigation strategies as solutions for handling security systems on website applications to make them even better

Análisis de las características de seguridad de una muestra de gestores de bases de datos para determinar indicadores que permita hacer una elección adecuada en pymes.

Mediante el presente estudio monográfico se desarrolló un análisis conceptual a las características de los Sistemas de Gestión de Bases de Datos [SGBD] enfatizando en la seguridad como aspecto clave para el respaldo de la información. En este sentido, el estudio se desarrolló con una metodología tipo compilación, bajo una modalidad descriptiva, mediante la cual se analizó información escrita sobre los sistemas de gestión de bases de datos y se establecieron características, factores de vulnerabilidad y demás aspectos que al final permitieron la definición de indicadores enfocados a la seguridad de los gestores, para la elección adecuada de las MiPymes. Pudiendo establecerse con el análisis comparativo de un caso supuesto para una MiPymes, que PostgreSQL, se detalla como una opción viable por sus características de seguridad y código abierto que le permite a las medianas y pequeñas empresas respaldar su información mediante un gestor con muy buena reputación y con baja inversión monetaria.Through the present monographic study, a conceptual analysis of the characteristics of the Database Management Systems [DBMS] will be considered, emphasizing security as a key aspect for information backup. In this sense, the study will be analyzed with a compilation-type methodology, under a descriptive methodology, through which written information on database management systems was analyzed and characteristics, protection factors and other aspects were established that ultimately allowed the definition of indicators focused on the safety of managers, for the proper choice of MSMEs. Being able to establish itself with the comparative analysis of a supposed case for a MyPymes, which PostgreSQL, is detailed as a viable option for its security features and open source that allows medium and small companies backed up their information by a manager with a very good reputation. and with low monetary investmen