Vulnerability Analysis of an E-commerce Web Application Based on the OWASP Top 10 Standard: A Case Study of the Kopi Lampung Nusantara Site

Agiska Ria Supriyatna, Imam Asrowardi, Septafiansyah Dwi Putra, Eko Subyantoro

Abstract

This study aims to analyze security vulnerabilities in the Kopi Lampung Nusantara e-commerce web application, using the Open Web Application Security Project (OWASP) standard as its primary reference. The OWASP Top 10 standard is applied to identify the most common classes of vulnerability that pose a high risk to web applications. The research method involves penetration testing aimed at uncovering potential security gaps that could threaten the security of user data and the integrity of the system. The test results reveal several critical vulnerabilities, including PII Disclosure, which puts user privacy at risk; the absence of Anti-CSRF Tokens, which increases the risk of Cross-Site Request Forgery (CSRF) attacks; and missing security headers such as Content Security Policy (CSP) and X-Content-Type-Options. These findings underline the importance of applying OWASP security standards in the development and maintenance of web applications, especially in the e-commerce sector, which is exposed to cyber attacks.
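The three configuration-level findings named in the abstract (missing Content-Security-Policy, missing X-Content-Type-Options, and state-changing forms with no anti-CSRF token) can be verified mechanically from a single HTTP response. The following Python block is an added example written for this page; it is not code from the paper or from the Kopi Lampung Nusantara site. The response headers and HTML bodies are constructed inline, and the list of field names treated as anti-CSRF tokens (`CSRF_FIELD_HINTS`) is an assumption, not something the paper specifies.

```python
"""Added example (not from the paper): audit one HTTP response for the
three classes of finding the abstract reports, and show a weak response
beside a corrected one."""
from html.parser import HTMLParser

# Substrings commonly found in the name of a hidden anti-CSRF field.
# This list is an assumption for the example, not taken from the paper.
CSRF_FIELD_HINTS = ("csrf", "xsrf", "_token", "authenticity_token")


class FormScanner(HTMLParser):
    """Collects every <form> and whether it carries a hidden anti-CSRF field."""

    def __init__(self):
        super().__init__()
        self.forms = []        # each entry: {"action", "method", "has_token"}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "has_token": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or "").lower()
            is_hidden = (a.get("type") or "").lower() == "hidden"
            if is_hidden and any(hint in name for hint in CSRF_FIELD_HINTS):
                self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_response(headers, body):
    """Return a list of finding strings for one HTTP response.

    headers: dict of response header name -> value (looked up case-insensitively).
    body:    the HTML body as a string.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    if "content-security-policy" not in h:
        findings.append("missing Content-Security-Policy header")

    xcto = h.get("x-content-type-options", "").strip().lower()
    if xcto != "nosniff":
        findings.append("X-Content-Type-Options missing or not 'nosniff'")

    scanner = FormScanner()
    scanner.feed(body)
    for form in scanner.forms:
        # Only state-changing (non-GET) forms need an anti-CSRF token.
        if form["method"] != "get" and not form["has_token"]:
            findings.append(f"form '{form['action']}' (POST) has no anti-CSRF token field")
    return findings


# Constructed sample: a response with the weaknesses the abstract describes.
WEAK_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
WEAK_BODY = """
<html><body>
<form action="/checkout" method="post">
  <input type="text" name="address">
  <button type="submit">Order</button>
</form>
<form action="/search" method="get"><input type="text" name="q"></form>
</body></html>
"""

# Constructed sample: the same page after the three fixes are applied.
FIXED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
}
FIXED_BODY = WEAK_BODY.replace(
    '<input type="text" name="address">',
    '<input type="hidden" name="csrf_token" value="EXAMPLE-TOKEN">\n'
    '  <input type="text" name="address">',
)

if __name__ == "__main__":
    for label, hdr, body in (("weak", WEAK_HEADERS, WEAK_BODY),
                             ("fixed", FIXED_HEADERS, FIXED_BODY)):
        print(label, audit_response(hdr, body) or ["no findings"])
```

Running the block reports three findings for the weak response and none for the corrected one. The GET search form is deliberately skipped: CSRF tokens protect state-changing requests, so flagging read-only forms would only add noise to a report.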

Keywords

security vulnerabilities; OWASP; e-commerce; penetration testing; web application.






DOI: http://dx.doi.org/10.36448/expert.v14i2.4034



EXPERT: Jurnal Manajemen Sistem Informasi dan Teknologi

Published by Pusat Studi Teknologi Informasi, Fakultas Ilmu Komputer, Universitas Bandar Lampung
Gedung M Lt.2 Pascasarjana Universitas Bandar Lampung
Jln Zainal Abidin Pagaralam No.89 Gedong Meneng, Rajabasa, Bandar Lampung,
LAMPUNG, INDONESIA




This work is licensed under a Creative Commons Attribution 4.0 International License.