Analysis of Cross Site Request Forgery (CSRF) Attacks on West Lampung Regency Websites Using OWASP ZAP Tools

Ilham Firman Ashari(1*), Vina Oktarina(2), Ringgo Galih Sadewo(3), Salman Damanhuri(4)

(1) Institut Teknologi Sumatera
(2) Institut Teknologi Sumatera
(3) Institut Teknologi Sumatera
(4) Institut Teknologi Sumatera
(*) Corresponding Author

Abstract


Advances in computing and networking have led many organizations to use web applications to provide business services. As the internet has grown in popularity, the number of cyber-attacks has also increased. To counter these negative impacts, network security plays an essential role. Cross Site Request Forgery (CSRF) is a penetration technique aimed at exploiting website security vulnerabilities, and OWASP ZAP is a tool commonly used to find security vulnerabilities on websites. This research succeeded in demonstrating security vulnerabilities on the website of the West Lampung district by conducting attack simulations. The experiment found 12 low-risk alerts on the website of West Lampung Regency. Across these 12 alerts, 53 URL pages are vulnerable to attack.

Keywords


CSRF, OWASP, Vulnerabilities, Penetration, Website

DOI: https://doi.org/10.32736/sisfokom.v11i2.1393


Creative Commons License
Jurnal Sisfokom (Sistem Informasi dan Komputer) has ISSN 2301-7988 and e-ISSN 2581-0588 which is published by Lembaga Penelitian dan Pengabdian Masyarakat (LPPM) ISB Atma Luhur under a Creative Commons Attribution-ShareAlike 4.0 International License.