Security Analysis of the Silaturahmi UPN Jatim Website Based on the OWASP Top 10

Authors

  • Hilmi Arya Rafwa Muhammad, Information Systems, Faculty of Computer Science, UPN “Veteran” Jawa Timur
  • Muhammad Rakha Naufal, Information Systems, Faculty of Computer Science, UPN “Veteran” Jawa Timur
  • Muhammad Firza Pahlevi, Information Systems, Faculty of Computer Science, UPN “Veteran” Jawa Timur
  • Rafie Ahza Ghaisan, Information Systems, Faculty of Computer Science, UPN “Veteran” Jawa Timur

DOI:

https://doi.org/10.59934/jaiea.v5i1.1236

Keywords:

Web Security, OWASP Top 10, Vulnerability Assessment, Academic Information System, Cybersecurity

Abstract

The Silaturahmi UPN Jatim website was developed to support academic services by facilitating course conversion for students involved in independent study and internship programs. However, as a web-based academic system, it faces potential cybersecurity threats such as SQL Injection, Cross-Site Scripting (XSS), and session hijacking—risks that continue to increase globally. This study aims to evaluate the website’s security using the OWASP Top 10 framework to identify vulnerabilities and assess associated risks. A qualitative descriptive method was used, with data collected through manual inspection of the website’s structure and behavior. Vulnerability classification and risk assessment were conducted based on OWASP Risk Rating and CVSS scores. The results identified 15 security issues, including a high-risk vulnerability related to cryptographic data exposure and several misconfigured security headers. The findings emphasize the need for improved security practices in academic systems. Recommendations are provided to enhance the site’s protection, ensuring better compliance with modern security standards and strengthening digital trust within UPN Jatim’s academic environment.

Published

2025-10-15

How to Cite

Hilmi Arya Rafwa Muhammad, Muhammad Rakha Naufal, Muhammad Firza Pahlevi, & Rafie Ahza Ghaisan. (2025). Security Analysis of the Silaturahmi UPN Jatim Website Based on the OWASP Top 10. Journal of Artificial Intelligence and Engineering Applications (JAIEA), 5(1), 78–82. https://doi.org/10.59934/jaiea.v5i1.1236