I Gusti Agung Surya Pramana Wijaya

Work place: Dept of Information Technology, Faculty of Engineering, Udayana University, Bali, Indonesia

E-mail: pramanawijaya@student.unud.ac.id

Website:

Research Interests: Cloud Computing, Computer Networks, Computer Security

Biography

I Gusti Agung Surya Pramana Wijaya, Dept of Information Technology, Faculty of Engineering, Udayana University, Denpasar, Bali, Indonesia
I Gusti Agung Surya Pramana Wijaya is a student currently pursuing a degree in Information Technology at the Faculty of Engineering, Udayana University Denpasar, Bali, Indonesia His main interests in Computer Network and Security, cloud computing, Virtualization, Computer systems and networks software, as well as Linux.

Author Articles
Web Application Penetration Testing on Udayana University's OASE E-learning Platform Using Information System Security Assessment Framework (ISSAF) and Open Source Security Testing Methodology Manual (OSSTMM)

By I Gusti Agung Surya Pramana Wijaya Gusti Made Arya Sasmita I Putu Agus Eka Pratama

DOI: https://doi.org/10.5815/ijitcs.2024.02.04, Pub. Date: 8 Apr. 2024

Education is a field that utilizes information technology to support academic and operational activities. One of the technologies widely used in the education sector is web-based applications. Web-based technologies are vulnerable to exploitation by attackers, which highlights the importance of ensuring strong security measures in web-based systems. As an educational organization, Udayana University utilizes a web-based application called OASE. OASE, being a web-based system, requires thorough security verification. Penetration testing is conducted to assess the security of OASE. This testing can be performed using the ISSAF and OSSTMM frameworks. The penetration testing based on the ISSAF framework consists of 9 steps, while the OSSTMM framework consists of 7 steps for assessment. The results of the OASE penetration testing revealed several system vulnerabilities. Throughout the ISSAF phases, only 4 vulnerabilities and 3 information-level vulnerabilities were identified in the final testing results of OASE. Recommendations for addressing these vulnerabilities are provided as follows. Implement a Web Application Firewall (WAF) to reduce the risk of common web attacks in the OASE web application. input and output validation to prevent the injection of malicious scripts addressing the stored XSS vulnerability. Update the server software regularly and directory permission checks to eliminate unnecessary information files and prevent unauthorized access. Configure a content security policy on the web server to ensure mitigation and prevent potential exploitation by attackers.

[...] Read more.
Other Articles