Analysis of Cross Site Request Forgery (CSRF) Attacks on West Lampung Regency Websites Using OWASP ZAP Tools
DOI:
https://doi.org/10.32736/sisfokom.v11i2.1393
Keywords:
CSRF, OWASP, Vulnerabilities, Penetration, Website
Abstract
Advances in computing and networking have led many organizations to use web applications to provide business services. As the internet has grown in popularity, the number of cyber-attacks has also increased. To counter these negative impacts, network security plays an essential role. Cross Site Request Forgery (CSRF) is a penetration technique aimed at exploiting website security vulnerabilities, and OWASP ZAP is a tool commonly used to find security vulnerabilities on websites. This research succeeded in proving security vulnerabilities on the website of the West Lampung district by conducting attack simulations. The experiment found 12 low-risk alerts on the website of West Lampung Regency. Across these 12 alerts, 53 URL pages are vulnerable to attack.
License
The copyright of an article accepted for publication shall be assigned to Jurnal Sisfokom (Sistem Informasi dan Komputer) and LPPM ISB Atma Luhur as the publisher of the journal. Copyright includes the right to reproduce and deliver the article in all forms and media, including reprints, photographs, microfilms, and any other similar reproductions, as well as translations.
Jurnal Sisfokom (Sistem Informasi dan Komputer), LPPM ISB Atma Luhur, and the Editors make every effort to ensure that no wrong or misleading data, opinions or statements are published in the journal. In any way, the contents of the articles and advertisements published in Jurnal Sisfokom (Sistem Informasi dan Komputer) are the sole and exclusive responsibility of their respective authors.
Jurnal Sisfokom (Sistem Informasi dan Komputer) has full publishing rights to the published articles. Authors are allowed to distribute articles that have been published by sharing the link or DOI of the article. Authors are allowed to use their articles for legal purposes deemed necessary without the written permission of the journal with the initial publication notification from the Jurnal Sisfokom (Sistem Informasi dan Komputer).
The Copyright Transfer Form can be downloaded: [Copyright Transfer Form Jurnal Sisfokom (Sistem Informasi dan Komputer)].
This agreement is to be signed by at least one of the authors who have obtained the assent of the co-author(s). After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted. The copyright form should be signed originally and sent to the Editorial in the form of a scanned document at sisfokom@atmaluhur.ac.id.