DOI: 10.1145/3592307.3592326
research-article

In Deep Security Management Strategy: Vulnerability Assessment Within Educational Institution

Published: 14 August 2023

Abstract

Technology is developing rapidly; one example is the growing use of websites in daily activities. Many institutions and entities use websites to support their business processes. For example, one of the faculties of XYZ University uses a website to help with administrative activities. One of the faculty websites at XYZ University is the final assignment proposal dashboard website, which contains plots of the final assignment supervisor and the title of the final assignment. However, as a technology develops, vulnerabilities in and attacks against that technology also increase. It is therefore necessary to carry out a vulnerability assessment to find the vulnerabilities that exist on a website and the solutions that can be implemented to overcome them. In this study, a vulnerability assessment is carried out on the XYZ University students' final project proposal dashboard website using the Nmap and Acunetix tools. The accuracy level of Nmap is 13.25%, while Acunetix has 100% accuracy. The vulnerability assessment found 12 vulnerabilities on the XYZ University student final project proposal dashboard website: Nmap detected 3 medium-risk vulnerabilities and 1 low-risk vulnerability, while Acunetix detected 2 medium-risk vulnerabilities and 6 low-risk vulnerabilities.

Cited By

  • (2024) Human Factors In Security Management: Understanding And Mitigating Insider Threats. 2024 2nd International Conference on Cyber Resilience (ICCR), pp. 1-10. DOI: 10.1109/ICCR61006.2024.10532956. Online publication date: 26-Feb-2024


Published In

ICECC '23: Proceedings of the 2023 6th International Conference on Electronics, Communications and Control Engineering
March 2023
316 pages
ISBN: 9798400700002
DOI: 10.1145/3592307

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. Acunetix
2. Cyber security
3. Digital enterprise
4. Nmap
5. Vulnerability assessment
6. Website

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

ICECC 2023
