Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework

Sunardi, Sunardi; Riadi, Imam; Raharja, Pradana Ananda

doi:10.14569/ijacsa.2019.0101118

Cited by 5 publications

(2 citation statements)

References 17 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Acunetix and NetSparker showed lower false positive rates than OWASP-ZAP, while tests utilizing the OWASP-ZAP tools had stronger vulnerability detection and were ranked in the open source category [7]. Based on the amount of risk, vulnerability information can be obtained from scan results using a vulnerability scanner [8]. Then, in order to enhance accuracy, testing utilizing the OWASP technique, which makes use of a vulnerability scanning tool, also needs to be configured [9].…”

Section: Introductionmentioning

confidence: 99%

Web Application Vulnerability Analysis Using the OWASP Method (Case Study: OJS CSFD UIN Sunan Kalijaga Yogyakarta)

Arromdoni,

Kusuma,

Sugiantoro

2024

Engineering Headway

View full text Add to dashboard Cite

The Cyber Security and Digital Forensics (CSFD) Open Journal System (OJS) website owned by the information technology center and database (PTIPD) Islamic University Negri Sunan Kalijaga Yogyakarta is a software content management system (CMS) application that is intended as a media and means of research publications from academic research. Web-based applications that are not properly monitored will have the impact of being attacked by attackers. Vulnerability gaps that have been found by irresponsible attackers will have a very bad impact on the performance of the website application. From the summary of the results of the vulnerability scan, the researcher did not find high status vulnerability gaps using Aucentix tools, the researcher only found 18 vulnerability gaps at the medium risk level, 8 vulnerability gaps at low level and 10 informational vulnerability loopholes. As a comparison, the researchers conducted another scan using the OWAS-ZAP (Zed Attack Proxy) tool and found 17 vulnerabilities with details: 1 with high status, 4 with medium status, 8 with low status and 4 with informational status. The research is based on the OWASP Top-10 method as a measure and parameter in testing using penetration testing. researchers got 1 test result with successful status, namely Using Components with Known Vulnerabilities. Then the researcher found 1 type of vulnerability with posibility status, namely Sensitive Data Exposure with finding data that was not sensitive and 8 vulnerabilities that were not discovered, including: 1. Broken Authentication, 2. Cross-Site Scripting, 3. Security Misconfiguration, 4. Insufficient Logging and Monitoring, 5. Broken Access Control, 6. SQL Injection, 7. XML External Entities , 8. Insecure Deserialization.

show abstract

Section: Introductionmentioning

confidence: 99%

Web Application Vulnerability Analysis Using the OWASP Method (Case Study: OJS CSFD UIN Sunan Kalijaga Yogyakarta)

Arromdoni,

Kusuma,

Sugiantoro

2024

Engineering Headway

View full text Add to dashboard Cite

show abstract

“…Despite majority of organizations attempting to protect their systems using Secure Sockets Layer (SSL) and firewalls, they do not provide adequate protection against web system intrusion. This is because website access is public [30], [31], [32], [33], [34]. Web-based systems' backend data can always be directly accessed and since majority of them are customized, their degrees of testing are lower compared to off-shelf applications [35].…”

Section: Introductionmentioning

confidence: 99%

Review of the security challenges in web-based systems

Awuor¹

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

Web-based systems are vulnerable to security issues similar to any other applications. Due to the characteristics of web-based systems such as their distributable nature and cross platform accessibility, security challenges are predominant. Recently, more focus has been placed on how to handle security concerns in web systems. Current solutions to counteract the web-based system security challenges include web system languages, firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), cryptographic techniques, digital certificates and signatures among others. However, attacks and threats such as cross site scripting (XSS), Distributed Denial of Service (DDoS), cross-site request forgery (CSRF) and structured query language (SQL) injection attacks are still common. This gives the impression that there are still security challenges in this regard, despite the efforts for detection and prevention of attacks. Consequently, due to their dynamism, secure architectures are pivotal for the security of web-based systems. The focus of this paper therefore, is to review the existing security challenges of web-based systems. It is evident from this literature study that most security challenges in web-based systems stem from the threat of unauthorized access and risks from implementing technologies and standards that are under developed as regards security.

show abstract

State-of-the-Art Survey on Web Vulnerabilities, Threat Vectors, and Countermeasures

Kaur

Garg

2022

Studies in Computational Intelligence

View full text Add to dashboard Cite

Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework

Cited by 5 publications

References 17 publications

Web Application Vulnerability Analysis Using the OWASP Method (Case Study: OJS CSFD UIN Sunan Kalijaga Yogyakarta)

Web Application Vulnerability Analysis Using the OWASP Method (Case Study: OJS CSFD UIN Sunan Kalijaga Yogyakarta)

Review of the security challenges in web-based systems

State-of-the-Art Survey on Web Vulnerabilities, Threat Vectors, and Countermeasures

Contact Info

Product

Resources

About