GEMA TEKNOLOGI
Vol 21, No 4 (2022): October 2021 - April 2022

PEMANFAATAN METODE WAVS (WEB APPLICATION SECURITY SCANNERS) MENGGUNAKAN BURP SUITE TOOLS DALAM AUDIT TEKNIS KEAMANAN SISTEM INFORMASI SURAT TUGAS SEKOLAH VOKASI UNDIP

Arkhan Subari (STr. Teknik Listrik Industri, Sekolah Vokasi, Universitas Diponegoro)
Saiful Manan (STr. Teknik Listrik Industri, Sekolah Vokasi, Universitas Diponegoro)
Eko Ariyanto (STr. Teknik Listrik Industri, Sekolah Vokasi, Universitas Diponegoro)
Adnan Fauzi (Teknik Komputer, Fakultas Teknik, Universitas Diponegoro)

Article Info

Publish Date
30 Apr 2022

Abstract

An official travel assignment letter is a type of assignment letter needed by an employee in carrying out work assignments. In many ways, the assignment letter information system is built based on web-programming. In web-programming there are two methods to send data from client to server. The two methods are the POST method and the GET method. Information security is an important aspect that needs to be considered in design a information system. There are many attacker spying data on information system daily. Usually the attacker uses the loopholes in the data transmission method to attack the system. There are many techniques used to attack information systems likes WAVs (Web Application Security Scanners). WAVs is a program that is used to find security holes in web-based information systems using several methods, such as XSS, SQL Injection, Intercept and Bruteforce. One program that can be used is Burp Suite. Burp Suite is often used by security auditors, researchers, and testers for analysis of different systems. Burp's core functionality is to intercept and display HTTP requests in a structured manner. The Vocational School of Diponegoro University has developed an information system that is used to manage this assignment letter. The information system is design using a web-based application. However, the system has never been technically audited on its security level. Therefore, it is necessary to audit the information system security techniques so that the level of information system security can be ascertained and corrective steps can be taken if there are security holes found. This study is intended to conduct a technical audit of the security of the UNDIP Vocational School assignment letter information system. The audit was conducted using the WAVs (Web Application Security Scanners) method with the Burp Suite application. The results of the brutefoce test using Burpsuite showed that there was no suitable password. However, the fact that an attacker can attack 30,0006 times is a weakness that needs to be fixed.

Copyrights © 2022




Citation Download
RIS
EndNote, Reference Manager, ProCite
BibTex
Latex, Jabref
Original Source
Download Original
Google Scholar
Check in Google Scholar
Journal Info
GEMA TEKNOLOGI
Website

Abbrev

gema_teknologi

Publisher

Universitas Diponegoro

Subject

Computer Science & IT

Description

Gema Teknologi Journal (pISSN : 0852-0232, eISSN : 2656-582X) is an open access journal published by Vocational School, Diponegoro University, Indonesia. Gema Teknologi publishes articles from various engineering disciplines (the results of original scientific research or new scientific studies of ...