UNIPDU Campus Website Security Analysis Through Vulnerability Assessment (VA) Method with Acunetix Tools Assistance
Abstract
Amid the rapid development of technology, website vulnerabilities are a major threat, opening up opportunities for hackers to hunt for and steal important data. Web applications are a technological innovation that not only facilitates access to information on the Unipdu Jombang campus but also functions as the main link in the information system, even though maintaining their security poses major challenges. Using the Vulnerability Assessment (VA) approach with the Acunetix tool, this study assesses the weaknesses of the Unipdu Jombang campus website and offers suggestions for improving its security. The study focuses on the main domain of the website and uses an automated testing methodology to find vulnerabilities that could be exploited. The test results revealed many vulnerabilities, including a detected reverse proxy, the use of cloud services such as Cloudflare, and TLS/SSL certificates that are close to expiry. The Acunetix scan reports, which follow the OWASP Top 10 2021 guidelines, placed the findings in two vulnerability categories: (A05) Security Misconfiguration and (A06) Vulnerable and Outdated Components. It is hoped that these efforts will improve data security and thwart various threats. The results of this study provide important information for Unipdu website developers, including the need to update SSL certificates and a suggestion to scan internal versions of the web application without an active WAF. These findings not only strengthen system security but also help the campus maintain user trust, and they serve as a guide for developing more reliable and secure information systems in the future.
Article Details
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication, with the work, 6 months after publication, simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of its initial publication and authorship in this journal.
- Authors may enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (for example, posting it to an institutional repository or publishing it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (for example, in institutional repositories or on their website) before and during the submission process, as this can lead to productive exchanges as well as earlier and greater citation of the published work. (See The Effect of Open Access.)