Security Assessment Using Nessus Tool to Determine Security Gaps on the Repository Web Application in Educational Institutions
DOI: https://doi.org/10.18196/eist.128
Keywords: Security Assessment, Vulnerability Assessment and Penetration Testing, and Nessus
Abstract
This research aims to determine the security holes and risks that may arise in an educational institution’s repository web application. The repository web application contains research data, journals, articles, and papers from lecturers and students at the institution. The web application does not yet have any documentation of its security holes and risks, which is a cause of concern for the institution. A security assessment is therefore needed to assess the risks that might arise if an attack is attempted. The Vulnerability Assessment and Penetration Testing (VAPT) method was used to conduct a security assessment and test the institution’s repository web application. Several vulnerabilities found with the Nessus tool could still be exploited and resulted in findings in legal access rights when the researchers performed a test simulation on the repository web application. This research was used as a report to the educational institution, particularly as material for the evaluation process to increase the security of its web application. The research was carried out within the educational institution’s environment. Hence, it does not fully describe the possibility of actual attacks originating from outside that environment.
Copyright
The author should be aware that by submitting an article to this journal, the article's copyright will be fully transferred to journal of Emerging Information Science and Technology. Authors are allowed to resend their manuscript to other journals or intentionally withdraw the manuscript only if both parties (journal of Emerging Information Science and Technology and Authors) have agreed on the issue. Once the manuscript has been published, authors are allowed to use their published article under journal of Emerging Information Science and Technology's copyrights.
All authors are required to deliver the agreement of license transfer once they submit the manuscript to journal of Emerging Information Science and Technology. By signing the agreement, the copyright is attributed to this journal to protect the intellectual material for the authors. Authors are allowed to share, copy and redistribute the material in any medium and in any circumstances to give appropriate credit and wide readership to the work.
License
Articles published in the journal of Emerging Information Science and Technology are licensed under an Attribution 4.0 International (CC BY 4.0) license. You are free to:
- Share — copy and redistribute the material in any medium or format.
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
This license is acceptable for Free Cultural Works. The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.