AUDIT KEAMANAN SISTEM INFORMASI AKADEMIK MENGGUNAKAN COBIT 5 PADA UNIVERSITAS SULTAN AGENG TIRTAYASA

Romadhona, Nurfitriani (2024) AUDIT KEAMANAN SISTEM INFORMASI AKADEMIK MENGGUNAKAN COBIT 5 PADA UNIVERSITAS SULTAN AGENG TIRTAYASA. S1 thesis, Fakultas Teknik Universitas Sultan Ageng Tirtayasa.

Text: Nurfitriani Romadhona_3332180052_fulltext.pdf (3MB)
Text: Nurfitriani Romadhona_3332180052_01.pdf (858kB)
Text: Nurfitriani Romadhona_3332180052_02.pdf (672kB)
Text: Nurfitriani Romadhona_3332180052_03.pdf (203kB)
Text: Nurfitriani Romadhona_3332180052_04.pdf (1MB)
Text: Nurfitriani Romadhona_3332180052_05.pdf (299kB)
Text: Nurfitriani Romadhona_3332180052_Ref.pdf (197kB)
Text: Nurfitriani Romadhona_3332180052_Lamp.pdf (1MB)
Text (SKRIPSI): Nurfitriani Romadhona_3332180052_CP.pdf (13MB), restricted to registered users only

Abstract

Information technology is widely used by organizations in industry, government, and education, and threats to information technology security are among the most serious problems today. An academic information system manages academic data and activities. Because this website is important and also has vulnerabilities that can be detrimental, such as SQL injection attacks, XSS, Man-in-the-Middle and others, it is necessary to identify its vulnerabilities through penetration testing using the ISSAF framework and through an audit based on COBIT 5. Vulnerability testing with Vega and OWASP ZAP revealed several vulnerabilities, namely Session Cookie without HTTPOnly Flag, Session Cookie without Secure Flag, Session Cookie without Samesite Attribute, Client Cipher-suite Preference, Directory Listing, Missing Anti Click-jacking, SQL Injection, Absence of Anti CSRF tokens, X-Powered-By and Server HTTP Response Header Field, Strict-Transport-Security, Timestamp Disclosure-UNIX and X-Content-Type-Options. The COBIT 5 assessment found that domains APO13 and DSS05 are currently at level 3 (established process), while the expected level is 5 (optimizing process), with gaps of 2 and 1,57 respectively. A simulation using the Sqlmap tool, which attempted to add SQL injection to the website, was unsuccessful because the security has been improved.

Item Type: Thesis (S1)
Contributors:
Contribution | Contributors | NIP/NIM
Thesis advisor | PRAPTODIYONO, SUPRIYANTO | 197605082003121002
Thesis advisor | FUAD, ANIS | 198009082006041002
Additional Information: Information technology is widely used by organizations such as industry, government, and education. Threats to information technology security are among the most serious problems of recent times. An academic information system is a system for managing academic data and activities; because the use of this website is important and it also has vulnerabilities that can be detrimental, such as SQL injection attacks, XSS, Man-in-the-Middle and others, it is necessary to identify vulnerabilities through penetration testing using the ISSAF framework and through an audit based on COBIT 5. Vulnerability testing with Vega and OWASP ZAP found several vulnerabilities, namely Session Cookie without HTTPOnly Flag, Session Cookie without Secure Flag, Session Cookie without Samesite Attribute, Client Cipher-suite Preference, Directory Listing, Missing Anti Click-jacking, SQL Injection, Absence of Anti CSRF tokens, X-Powered-By and Server HTTP Response Header Field, Strict-Transport-Security, Timestamp Disclosure-UNIX and X-Content-Type-Options. The COBIT 5 assessment results for domains APO13 and DSS05 are currently at level 3 (established process), while the expected level is 5 (optimising process), with gaps of 2 and 1,57 respectively. The simulation using the Sqlmap tool, which added SQL injection to the website, was unsuccessful because the security has been improved.
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Divisions: 03-Fakultas Teknik
03-Fakultas Teknik > 20201-Jurusan Teknik Elektro
Depositing User: Mrs Nurfitriani Romadhona
Date Deposited: 11 Jan 2024 13:16
Last Modified: 11 Jan 2024 13:16
URI: http://eprints.untirta.ac.id/id/eprint/32094
