CROSS-SITE SCRIPTING (XSS) ATTACKS BASED ON THE CVSS V.2 BASE METRIC

Ahmad Sultan Hakim, Triawan Adi Cahyanto, Habibatul Aziza Al Faruk

Abstract


A site is a service on an internet domain, consisting of one or more pages, that people can access in cyberspace. Sites can be vulnerable to attacks on their security systems, and this security issue often receives little attention or is ignored entirely. This study creates a security mechanism for the blog site and the SIA MAN 1 Jember site. The mechanism redirects a client that accesses the real site to an artificial site. The security mechanism is tested by counting the total number of attacks that get through to the original site while XSS attacks are carried out 16 times on the artificial site. The study also evaluates how weak each site is against XSS attacks, using the CVSS version 2 security metric with the base metric group category. This evaluation shows how vulnerable a site is to XSS attacks under the applied test scenario. The security mechanism uses a proxy set up through firewall configuration, while the site evaluation uses the CVSS v.2 calculation with the base metric group category. In testing, the security mechanism withstood the 16 XSS attacks and did not affect the performance of the original site. For the blog site, the highest level obtained in the evaluation had a base score of 4.758. Meanwhile, the highest level for the SIA MAN 1 Jember site is high, with a base score of 7.042.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.