Web Vulnerability Assessment and Maturity Model Analysis on Indonesia Higher Education

Mantra, Ign; Hartawan, Muhammad Syarif; Saragih, Hoga; Rahman, Aedah Abd

doi:10.1016/j.procs.2019.11.229

Cited by 8 publications

(4 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In it, there will be various types of tests to ensure that the system you are developing is completely safe from various threats of cyber attacks [16]. There are several types of security testing, first one is vulnerability Scanning is a security test carried out through automated software to scan a web application to look for vulnerabilities such as SQL Injection, Cross Site Scripting, and other vulnerabilities [17], second is security scanning is a scan used to find vulnerabilities or unwanted file modifications in web-based applications, websites, networks, or file systems, third is penetration testing is a testing process by simulating a cyber attack on the system to be tested. This test will be carried out manually by a professional and certified pentester using various pentest tools and techniques [8], fourth is risk assessment through risk assessment, security risks faced by applications, software, and networks will be identified and analyzed.…”

Section: Security Assessment / Testingmentioning

confidence: 99%

Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

Herman,

Riadi,

Kurniawan

2023

Int. J. Artif. Intell. Res

View full text Add to dashboard Cite

In this day and age, the use of the Internet has increased. SQL injection is a serious security threat on the Internet for various dynamic websites. As the use of the Internet for various online services increases, so make the security threats that exist on the Web. SQL injection attacks are one of the most serious security vulnerabilities on the Web. Most of these vulnerabilities are caused by a lack of input validation and the use of SQL parameters. SQLMap is an application from the Kali Linux operating system that is useful for injecting data on a website by using the features available in this application. In this paper, author conducts a security assessment to detect attacks on a website, more precisely to detect SQL Injection attacks, using the K-Nearest Neighbor method and naïve bayes. The results obtained are that the website being tested has SQL Injection vulnerabilities, and the K-Nearest Neighbor method is the best method for this case because it has an accuracy of 94.2%. In comparison, the Naïve Bayes method has an accuracy of 80%.

show abstract

Section: Security Assessment / Testingmentioning

confidence: 99%

Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

Herman,

Riadi,

Kurniawan

2023

Int. J. Artif. Intell. Res

View full text Add to dashboard Cite

show abstract

“…With every advancement in information technology, the demand for security in its systems has increased to support the business needs of these companies [1], [2]. Information security is a crucial aspect of the operations of any university, as it helps protect the technological and information assets employed by the institution [3]. Information system security at XYZ University is an integral part of its IT, playing a crucial role in ensuring security across all information system sectors.…”

Section: Introductionmentioning

confidence: 99%

Evaluation of Governance in Information Systems Security to Minimize Information Technology Risks

Darmi,

Fernandez,

Fathoni

et al. 2024

intensif

View full text Add to dashboard Cite

Information system security within XYZ University constitutes a vital component of its IT framework, exerting significant influence over security levels across all facets of the information systems. Among the numerous implemented information system services at the university, a considerable portion lacks active security measures within operational systems. In pursuit of achieving uniform governance, this study adopts the most recent COBIT 2019 framework. The primary objective of this research is to evaluate the degree to which current information system security management aligns with the process achievement values stipulated in the COBIT 2019 standard. This evaluation entails the calculation of maturity level values that gauge performance levels in managing information system security. Findings from the COBIT 2019 Design assessment conducted at XYZ University's LTIK reveal that individuals scoring above 80 or those requiring Capability Level 4 include APO12 and BAI10. Moreover, the calculation outcomes for each subdomain reveal the presence of 2 subdomains at Level 4, 4 subdomains at Level 3, 15 subdomains at Level 2, and 19 subdomains at Level 1. The identification outcomes underscore the existence of gaps within each domain. Particularly, the APO12 and BAI10 domains exhibit a gap spanning 2 levels.

show abstract

“…In an attempt to improve both vulnerability detection and the general quality of web applications, several web vulnerability scanners (WVSs) have been developed and studied, including: the web application attack and audit framework (W3af) 15 ; OWASP zed attack proxy (OWASP ZAP) 16 ; Skipfish 17 ; Arachni 18 ; Vega 19 ; Stalker 20 ; and IronWASP. 21 [Correction added on 3 August 2020, after first online publication: the ORCID information of the fourth author has been added] Seng et al 22 defined WVSs as tools used to test and detect common security breaches in web applications.…”

Section: Introductionmentioning

confidence: 99%

An empirical comparison of commercial and open‐source web vulnerability scanners

et al. 2020

View full text Add to dashboard Cite

Web vulnerability scanners (WVSs) are tools that can detect security vulnerabilities in web services. Although both commercial and open-source WVSs exist, their vulnerability detection capability and performance vary. In this paper, we report on a comparative study to determine the vulnerability detection capabilities of eight WVSs (both open and commercial) using two vulnerable web applications: WebGoat and Damn vulnerable web application (DVWA). The eight WVSs studied were: Acunetix; HP WebInspect; IBM AppScan; OWASP ZAP; S ; Arachni; Vega; and Iron WASP. The performance was evaluated using multiple evaluation metrics: precision; recall; Youden index; OWASP web benchmark evaluation (WBE); and the web application security scanner evaluation criteria (WASSEC). The experimental results show that, while the commercial scanners are effective in detecting security vulnerabilities, some open-source scanners (such as ZAP and Skipfish) can also be effective. In summary, this study recommends improving the vulnerability detection capabilities of both the open-source and commercial scanners to enhance code coverage and the detection rate, and to reduce the number of false-positives.

show abstract

Web Vulnerability Assessment and Maturity Model Analysis on Indonesia Higher Education

Cited by 8 publications

References 0 publications

Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

Vulnerability Detection With K-Nearest Neighbor and Naïve Bayes Method using Machine Learning

Evaluation of Governance in Information Systems Security to Minimize Information Technology Risks

An empirical comparison of commercial and open‐source web vulnerability scanners

Contact Info

Product

Resources

About