Website Security Analysis Using the OWASP10 Method (Case Study: almumtazparfumebatam.store)
DOI: https://doi.org/10.31316/jk.v8i1.6356
Abstract
Al Mumtaz Parfume Batam is a perfume seller that still does business from home. To expand the scope of its business, an online store was created at the domain almumtazparfumebatam.store. As technology advances, website security becomes a primary concern because it prevents attacks by irresponsible outsiders that can harm ongoing business processes. To find out how secure a website is against outside attacks, it is necessary to carry out penetration testing (pentest), in which a tester acts as an outsider trying to enter the network. This study aims to analyze and test the security of the almumtazparfumebatam.store website using the OWASP10 method in 2021. This method was chosen because it is always updated and lists 10 attacks that are often found on the web. This research is expected to find possible security holes on the almumtazparfumebatam.store website and solutions to prevent them. It is also expected to help fix existing gaps, increasing the security of the almumtazparfumebatam.store website and assisting the website manager in preventing harmful attacks by irresponsible parties.
Keywords: Website, Penetration Testing, OWASP Top 10
Copyright (c) 2024 Bagus Surya Pradhana
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- The journal allows the authors to hold the copyright without restrictions and allows the authors to retain publishing rights without restrictions.
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike 4.0 International License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).