This research aims to determine security holes and risks that may arise in the educational institution’s repository web application. The repository web application contains research data, journals, articles, and papers from lecturers and students at the institution. This web application does not yet have documentation about security holes and risks in it. It causes a sense of concern on the part of educational institutions. Therefore, it is necessary to have a security assessment to conduct a risk-oriented assessment that might occur if an attack is attempted. The Vulnerability Assessment and Penetration Testing (VAPT) method was utilized to conduct a security assessment and test educational institutions’ repository web application. Several vulnerabilities found with the Nessus tool could still be exploited and resulted in findings in legal access rights when the researchers performed a test simulation on the repository web application. This research was used as a report to the educational institution, particularly as a material for the evaluation process to increase its web application security. This research was carried out within the educational institution environment. Hence, it did not fully describe the possibility of actual attacks originating from outside the educational institution environment.
Copyrights © 2020