Evaluation of Security Vulnerabilities in the Single Submission Pengangkut System Using OWASP Top 10
Abstract
International trade in the era of globalization has grown rapidly thanks to information and communication technology (ICT), but this growth also presents new challenges for data security and the protection of user information. In Indonesia, the National Single Window (LNSW) uses the Single Submission Pengangkut web application to support international trade. Although the application plays an important role, potential security vulnerabilities could lead to data breaches and financial losses. This study tests the application for security vulnerabilities using penetration testing methods based on the OWASP Top 10 standard. Testing was conducted using tools such as Nmap, Nessus, Kali Linux, and Burp Suite to identify and exploit vulnerabilities. Testing revealed three vulnerabilities that did not pass the security test: Insecure Design, Vulnerable and Outdated Components, and Identification and Authentication Failures. Assessment with the Common Vulnerability Scoring System (CVSS) rated Insecure Design as Medium, while Vulnerable and Outdated Components and Identification and Authentication Failures fall under the Info category, meaning they do not directly impact the application's security. To address these vulnerabilities, it is recommended to implement restrictions in the document input process, perform regular software updates, and implement multi-factor authentication (MFA). This study shows that applying the OWASP Top 10 as a guideline in penetration testing is effective for identifying and evaluating security vulnerabilities in the Single Submission Pengangkut web application.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.