ANALYSIS OF SECURITY VULNERABILITY DETECTION ON THE INFORMATICS WEBSITE APPLICATION OF UNIVERSITAS SYIAH KUALA USING THE OPEN WEB APPLICATION SECURITY PROJECT (OWASP) METHOD | ELECTRONIC THESES AND DISSERTATION

Electronic Theses and Dissertation

Universitas Syiah Kuala

    UNDERGRADUATE THESIS

ANALYSIS OF SECURITY VULNERABILITY DETECTION ON THE INFORMATICS WEBSITE APPLICATION OF UNIVERSITAS SYIAH KUALA USING THE OPEN WEB APPLICATION SECURITY PROJECT (OWASP) METHOD


Author

Miranda Fasya Ramadhan - Personal Name;

Supervisors

Muhd. Iqbal - 197705082003121003 - Supervisor I
Rasudin - 197410011999031001 - Supervisor II



Student ID Number

1808107010065

Faculty & Study Program

Faculty of Mathematics and Natural Sciences (MIPA) / Informatics (S1) / PDDIKTI : 55201

Subject
-
Keywords
-
Publisher

Banda Aceh : Faculty of Mathematics and Natural Sciences (MIPA) - Informatics, 2022

Language

No Classification

-


Websites are developing rapidly today, and anyone, whether an individual or a company, can own one. The Informatics department of the Faculty of Mathematics and Natural Sciences (FMIPA), Universitas Syiah Kuala, likewise has a website, accessible at informatika.ac.id. The Informatics website is an official information center that anyone can access, so its security must be ensured for its users. Security vulnerabilities can therefore be detected using the OWASP (Open Web Application Security Project) Top 10-2017 tools, which are capable of detecting 10 security vulnerabilities, including: Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging & Monitoring. The output of the detection is then analyzed so that the security vulnerabilities and their vulnerability levels can be determined; OWASP itself has 4 levels of vulnerability, namely information, low, medium, and high. The results of this study show 3 medium-risk findings, namely Directory Browsing, Vulnerable JS Library, and X-Frame-Options Header Not Set, and 5 low-risk findings, namely Absence Of Anti-CSRF Tokens, Cross-Domain Javascript Source File Inclusion, Incomplete Or No Cache-Control Header Set, Secure Pages Include Mixed Content, and X-Content-Type-Options Header Missing. The level of vulnerability of the Informatics website is therefore medium, with 3 security vulnerabilities: Broken Access Control 25%, Security Misconfiguration 62.5%, and Insecure Deserialization 12.5%.

Keywords: Vulnerability Scanner, OWASP ZAP, OWASP Top 10-2017 Security Vulnerabilities, Website Security.
