Security Analysis and Recommendations for the Campus X Website Using ISSAF
Abstract
The security of educational institution websites is critical in the digital era, especially with the increasing reliance on web-based services. This study evaluates the security of the Campus X website in Malang City using ISSAF (Information Systems Security Assessment Framework). The research stages include information gathering, network mapping, vulnerability identification, and penetration testing. At the vulnerability identification stage, tools such as OWASP ZAP and Acunetix are used to detect security holes in web applications. The results show that the server has implemented the TLS protocol with a basic security configuration. Still, several vulnerabilities exist, such as unnecessary open ports and deficiencies in the security header settings. Scanning with OWASP ZAP identified 24 security alerts, 12.5% of which were categorized as high risk, including SQL Injection and a lack of Content Security Policy (CSP). Additionally, DDoS attack simulations demonstrated server resilience, but testing showed the need for security improvements in other aspects. Key recommendations include implementing DNSSEC, closing unused ports, adding CSP headers, and improving protection against web application-based attacks. This research emphasizes the importance of a holistic and ongoing approach to website security management, including regular audits and real-time monitoring. With this strategy, institutions are expected to strengthen their security posture, protect digital assets, and minimize the risk of ever-growing cyber attacks.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC-BY 4.0) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.