Vulnerability Analysis and Proof on the neonime.co Website using OWASP ZAP 4 and XSpear

Muhammad Alfarizi(1), Muhammad Najie K(2), Muhammad Afif H(3), Ilham Firman Ashari(4),


(1) Informatics Engineering Study Program, Institut Teknologi Sumatera
(2) Informatics Engineering Study Program, Institut Teknologi Sumatera
(3) Informatics Engineering Study Program, Institut Teknologi Sumatera
(4) Informatics Engineering Study Program, Institut Teknologi Sumatera
Corresponding Author

Abstract


A website, often simply called the web, is a collection of pages that present text, data, and images. Computer network security is one of the most important and fundamental requirements of any such system. Because the web is so easy to use, for example for reading comics, web applications need security measures in place so that they are protected from abuse and from attacks such as Cross-Site Scripting (XSS). This experiment was conducted to determine the vulnerabilities of a comic-reading web application by self-testing with the OWASP ZAP and XSpear tools, so that the findings can serve as follow-up recommendations for securing the application. The experiment found vulnerabilities in the comic-reading website neonime.co: Cross-Domain Misconfiguration, X-Frame-Options Header Not Set, Absence of Anti-CSRF Tokens, Cookie No HttpOnly Flag, Cookie without SameSite Attribute, Cross-Domain JavaScript Source File Inclusion, Incomplete or No Cache-control Header Set, Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s), and Timestamp Disclosure - Unix. All of these are reported by ZAP's passive scanner from response headers and page content rather than by active exploitation, so none of them on its own demonstrates an exploitable XSS; they do, however, weaken the browser-side defences that limit the impact of one. In addition to identifying these vulnerabilities, solutions are provided to remediate each of them in the comic-reading web application.
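The findings listed above are all header- and content-level checks, which makes them easy to reproduce and to verify after a fix without re-running a full scan. The script below is an added example, not code from the paper or from OWASP ZAP: it re-implements a simplified form of each listed passive check, runs it over two constructed HTTP responses (neither is a real capture from neonime.co; the hostname is only used to decide what counts as cross-domain), and shows that the corrected response clears every finding. The remediation headers it uses (X-Frame-Options, a Content-Security-Policy with frame-ancestors, Cache-Control: no-store, Secure/HttpOnly/SameSite cookie attributes, removal of X-Powered-By, a restricted CORS origin, same-origin scripts, and a hidden anti-CSRF field) are the standard fixes for these rules and are assumptions of the example rather than the paper's exact recommendations.

```python
"""Re-check the OWASP ZAP passive findings from the abstract on a raw HTTP response.
Added example, not part of the paper; checks are simplified versions of ZAP's rules."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed responses for illustration only (not captures from neonime.co).
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/7.4.3
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=abc123; Path=/
Set-Cookie: theme=dark; Path=/; HttpOnly

<html><body data-build="1651234567">
<script src="https://cdn.example.net/app.js"></script>
<form method="post" action="/comment"><input name="text"><button>Send</button></form>
</body></html>"""

FIXED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'; script-src 'self'
Cache-Control: no-store
Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax

<html><body>
<script src="/static/app.js"></script>
<form method="post" action="/comment"><input type="hidden" name="csrf_token" value="0d9c2e4f7a1b"><input name="text"><button>Send</button></form>
</body></html>"""

SCRIPT_SRC = re.compile(r"<script[^>]+src=[\"']([^\"']+)[\"']", re.I)
FORM = re.compile(r"<form\b.*?</form>", re.I | re.S)
TOKEN_INPUT = re.compile(r"<input[^>]+type=[\"']hidden[\"'][^>]+name=[\"'][^\"']*(csrf|token)[^\"']*[\"']", re.I)
UNIX_TS = re.compile(r"\b1[0-9]{9}\b")  # 10-digit values beginning with 1: epoch seconds 2001..2286


def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body).
    Header names are lower-cased; values are kept in a list so repeated Set-Cookie survive."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    status = int(lines[0].split()[1])
    headers = defaultdict(list)
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return status, headers, body


def audit(raw, site_host):
    """Return the list of ZAP-style finding names that apply to the response."""
    _, h, body = parse_response(raw)
    findings = []
    if "*" in h.get("access-control-allow-origin", []):
        findings.append("Cross-Domain Misconfiguration")
    csp = " ".join(h.get("content-security-policy", [])).lower()
    if not h.get("x-frame-options") and "frame-ancestors" not in csp:
        findings.append("X-Frame-Options Header Not Set")
    if any(not TOKEN_INPUT.search(form) for form in FORM.findall(body)):
        findings.append("Absence of Anti-CSRF Tokens")
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            findings.append(f"Cookie No HttpOnly Flag: {name}")
        if not any(a.startswith("samesite=") for a in attrs):
            findings.append(f"Cookie without SameSite Attribute: {name}")
    for src in SCRIPT_SRC.findall(body):
        host = urlsplit(src).netloc
        if host and host != site_host:
            findings.append(f"Cross-Domain JavaScript Source File Inclusion: {host}")
    if "no-store" not in " ".join(h.get("cache-control", [])).lower():
        findings.append("Incomplete or No Cache-control Header Set")
    if h.get("x-powered-by"):
        findings.append("Server Leaks Information via X-Powered-By")
    if UNIX_TS.search(body):
        findings.append("Timestamp Disclosure - Unix")
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(label, audit(raw, "neonime.co") or ["no findings"])
```

Because the checks run on a stored response, the same function can be pointed at the output of `curl -i` for each fixed page to confirm remediation before scheduling a full ZAP re-scan.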


Keywords


Web Application; XSpear; OWASP; Network; Security





DOI: 10.56327/jtksi.v5i2.1130
