9 research outputs found

    Implementation of Open Web Application Security Project for Penetration Testing on Educational Institution Websites

    The development of information technology cannot be separated from the development of website applications, as well as the threat of security attacks that will attack website applications. Educational Institution X uses a website application as an important medium in learning activities. Therefore, penetration testing is needed to find security holes in website applications. In this study, penetration testing will be carried out with the target website for student access at Educational Institution X based on the reason that there is sensitive student data that needs to be secure. The method used in this study is an experimental method with the OWASP TOP 10 2021 standard (Open Web Application Security Project). The penetration test results obtained on the website application at Educational Institution X found 11 vulnerabilities that could be tested. Of the 11 vulnerabilities, there is one vulnerability at the medium risk level, 7 at the low risk level, and 3 at the information risk level. The vulnerabilities found relate to token authentication, policy delivery, cookie attribute, cross-site script inclusion, authorization, clickjacking, and weak transport layer security. Based on the penetration testing activities obtained, it can be concluded that the vulnerability gaps found need to be further repaired by the website application system developer, in this case, the Educational Institution X. Therefore, the final result of this study is in the form of a report document containing a list of vulnerabilities, recommendations for vulnerability repairs, and vulnerability mitigation strategies as solutions for handling security systems on website applications to make them even better

    Improving Organizational Information Management by Utilizing a Website (Peningkatan Manajemen Informasi Organisasi dengan Memanfaatkan Website)

    Girirupo Youth Generation is a social organization that aims to advance the village of Girirupo in particular and all levels of society in general. The organization has internal and external activities. Internal activities involve active members of the organization, while external activities involve non-governmental organizations. In its business processes, the organization has a lot of data that is processed into information. This information is managed by recording it regularly in books. The information generated is passed on to members and the community through word of mouth, instant messaging services, and WhatsApp groups owned by the organization. Management and delivery of information have not been done in a structured way. The organization's ability to manage data and information becomes more effective and structured after training in information management. Ease and speed in delivering information can also be realized by having an organization website, namely girirupomuda.com

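    Evaluation of Information Security Readiness Level at an Educational Institution Using the KAMI Index 4.0 (Evaluasi Tingkat Kesiapan Keamanan Informasi Pada Lembaga Pendidikan Menggunakan Indeks Kami 4.0)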

    Information system security evaluation is indispensable for an organization, agency, or company to prevent data leakage or damage to information systems. This research was conducted in the education sector at the UPTD XYZ institution under the authority of the Yogyakarta Provincial Education Office. The evaluation of information security maturity and governance is based on the ISO/IEC 27001:2017 standard, using the KAMI information security index version 4.0. Data were collected by direct observation and interviews with the person in charge of the information system. The evaluation gave a score of 20 for electronic system requirements, while the level of completeness of information got a score of 245. From these results it can be concluded that the level of information security is still very low and that the information security system needs to be improved in collaboration with third-party information security developers

    Comparative Analysis of Apache 2 Performance in Docker Containers vs Native Environment

    Web servers have become crucial to facilitate access to and distribute content on the internet. In this case, Docker containerization technology offers a solution. Docker allows developers to package applications and dependencies in one container, making deploying web servers faster and easier. But with these features, is there any performance that must be sacrificed if we choose to use Docker in our web server deployment process? We will look at how much performance will be sacrificed. However, we must thoroughly analyze how Apache2 performs when running in a Docker container compared to running natively. That's why we're conducting a study to compare the performance of Apache2 in a Docker container versus a native environment using experimental methods. For this study, we'll use the Apache bench tool to test Apache2's performance in both environments. By experimenting, it should become clear how the performance of Docker containers compares to native environments when developing web servers. The research shows that Apache2 performance on native hosts is about 5-10% better than in a Docker environment in handling small request loads. The better performance here refers to the parameters we tested: total time results, requests per second, and transfer speed. The request load variation can differ depending on the server specification itself. Although Docker offers features in terms of application isolation and scalability, our results show that running Apache2 natively is more efficient without changing its default configuration. Docker may require additional overhead to run the Docker system that isolates the application; in this case, the virtualization layer is required to run Apache2 inside a Docker container. This can affect application performance and cause a slight performance degradation compared to using the host operating system directly.
This research aims to inform developers about the performance difference between Apache2 in Docker and the native environment. It will help them make informed decisions about deployment environments. Docker offers appealing features, but its performance may need to improve. Test results show that the native host performs better, although its feature set is not as extensive as that of Docker


    Anti-Forensics with Steganographic File Embedding in Digital Image Using Genetic Algorithm

    In this study, a steganography method on digital images as anti-forensics by utilizing genetic algorithms was proposed. Genetic Algorithms are artificial intelligence whose functions are optimization and search. The purpose of this research is to optimize steganography as anti-forensics by applying a Genetic Algorithm combined with the Hilbert curve, Lempel-Ziv-Markov chain, and least significant bit. The result provides a new steganography method by combining various existing methods. The proposed method will be tested for image quality using PSNR, SSIM, Chi-Squared steganalysis and RS-Analysis, and an extraction test. The novelty obtained from the developed method is that the steganography method is as optimal as anti-forensics in keeping data confidential, has a large embedding capacity, and is able to go undetected by forensic methods. The results can maintain data confidentiality, have a large embedding capacity, and are able to go undetected by forensic methods. The proposed method performed better than the previous method because PSNR and SSIM values are high, secret data can be received back as long as the pixel value doesn't change, and the size of the embedding capacity. The proposed method has more ability to embed various types of payload/secret data because of the way it works, which splits byte files into binary. The proposed method also has the ability not to be detected when forensic image testing is carried out

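    Education on Safe and Healthy Internet Use for Children for PKK Members in the Klaten Area, Central Java (Edukasi Penggunaan Internet Aman dan Sehat untuk Anak-anak Pada Anggota PKK di Wilayah Klaten, Jawa Tengah)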

    Dawung hamlet, Sawit village, Gantiwarno district, lies in the southern part of Gantiwarno district, Klaten, Central Java. In general, the facilities and infrastructure available in the Sawit village area are adequately provided. The problem in this community is the low level of knowledge of and attention to media literacy for children. On that basis, this program aims to improve parents' understanding of their children's internet habits. The program's implementation methods include delivering material offline and creating educational media. The PKM program ran for 6 months. The activities carried out to address the problem were, first, outreach to PKK members in Dawung hamlet on improving the understanding and use of healthy internet practices for children, and then creating educational media in the form of a tutorial on operating YouTube Kids. The result and impact of this series of activities is an improved understanding of the importance of understanding and using the internet healthily for children, so that parents can accompany their children when they use the internet. The mandatory outputs of this community service are a scientific article published in proceedings, publication in mass media, and improved community understanding and skills
