Hasil Pencarian  ::  Simpan CSV :: Kembali

Abstrak :
Keamanan website adalah komponen penting untuk melindungi dan mengamankan situs web dan server. Situs Web dipindai untuk mengetahui kerentanan dan malware melalui perangkat lunak keamanan situs website. Kerentanan dalam teknologi informasi (IT), adalah cacat dalam kode atau desain yang menciptakan titik kompromi keamanan potensial untuk titik akhir atau jaringan. Kerentanan menciptakan kemungkinan vektor serangan, dimana penyusup dapat menjalankan kode atau mengakses memori sistem target. Tools OWASP-ZAP adalah fitur untuk melakukan penetration testing pada sebuah website. SCELE adalah salah satu platform yang disediakan Universitas Indonesia untuk mengakses info akademis. Dengan tool OWASP-ZAP pendeteksian kerentanan pada website SCELE dapat dilakukan serta analisa dari hasil kerentanan tersebut juga dapat disimpulkan agar dapat menjadi acuan untuk memperbaiki sistem SCELE yang telah ada. ......Website security is an important component to protect and secure websites and servers. The website is scanned to find out vulnerabilities and malware through website security software. Vulnerability in information technology (IT), is defect in code or design that creates a point of potential security compromise for endpoint or network. Vulnerability creates the possibility of an attack vector, where intruders can run code or access the target systems memory. The OWASP-ZAP tool is a feature for penetration testing of a website. Scele is one of the platform provided by University of Indonesia to access academic info. With OWASP-ZAP tool, vulnerability detection on the SCELE website can be done and and analysis of the result of these vulnerabilities can also be concluded to be reference to improve the existing SCELE system.

Abstrak :
Berkembang pesatnya teknologi informasi saat ini sejalan dengan berkembangnya aplikasi berbasis android dan website. Website umumnya digunakan sebagai media informasi dan komunikasi yang tentunya memiliki peran yang sangat penting. Namun, tidak menutup kemungkinan bahwa terdapat ancaman terkait dengan celah keamanan dari suatu website, baik kejahatan cyber, kebocoran data, pencurian data, dan merusak data maupun hanya ingin mengganggu system tersebut. Sebagai contoh pada website admin Digital Outlet yang merupakan pusat dari pengelolaan suatu website application. Dalam website admin tersebut telah tersimpan data dan informasi penting penggunanya yang bersifat sensitif. Maka, perlu adanya perhatian khusus terkait keamanan website tersebut. Pada penelitian ini akan dilakukan vulnerability assessment dan penetration testing pada situs website Digital Outlet menggunakan metode Information System Security Assessment Framework (ISSAF) dengan melakukan pengujian untuk mencari celah keamanan yang umum terjadi pada website tersebut, khususnya celah keamanan pada Broken Access Control, Cross Site Scripting (XSS), SQL Injection, dan sebagainya. Hasil dari penelitian analisis uji kerentanan yang diperoleh pada website Digital Outlet nantinya akan pergunakan untuk memperbaiki dan meningkatkan keamanan pada website tersebut serta menjadi salah satu referensi dalam memberikan rekomendasi terkait pengembangan framework Basic Development Framework (BDF) untuk management struktur rancang bangun suatu website yang baik dan aman.  ......The rapid development of information technology is currently in line with the development of Android-based applications and website. Website are generally used as a medium of information and communication which of course has a very important role. However, it is possible that there are threats related to the security gaps of a website, both cyber crime, data leaks, data theft, and damage to data or just wanting to disrupt the system. For example, on the Digital Outlet admin website, which is the center of managing a website application. The admin website has stored important sensitive data and information on its users. So, there needs to be special attention regarding the security of the website. In this research, vulnerability assessment dan penetration testing will be carried out on the Digital Outlet website using the Information System Security Assessment Framework (ISSAF) method by conducting tests to find security holes that commonly occur on the website, especially security holes in Broken Access Control, Cross Site Scripting (XSS), SQL Injection, and so on. The results of the vulnerability test analysis research obtained on the Digital Outlet website will later be used to improve and increase security on the website and become a reference in providing recommendations related to the development of the Basic Development Framework (BDF) framework for the management structure of a good website design and build safe.

Abstrak :
Kebutuhan terhadap Internet sudah sangat dirasakan, namun, akibat kurangnya kontrol dalam mengawasi kegiatan berselancar di dunia maya ini, menjadikan konten yang dapat merusak moral tersebar dengan sangat cepat dan begitu leluasa untuk diakses oleh setiap orang. Penelitian ini membahas Analisa dan Rancang Bangun Sistem Deteksi Cepat Konten Web Negatif Berbasis Teks Menggunakan Random Sampling dan Latent Semantic Analysis dengan Algoritma Singular Value Decomposition yang bertujuan untuk mengklasifikasikan website-website berkonten negatif dengan langkah awal melakukan penelusuran terhadap link-link pada suatu website dengan teknik crawling oleh program web crawler untuk mengumpulkan konten website yang berupa teks. Seluruh konten teks yang telah dikumpulkan selanjutnya akan diklasifikasikan menggunakan metode Latent Semantic Analysis dengan menerapkan algoritma Singular Value Decomposition untuk menunjukkan hasil klasifikasi yang mampu membedakan antara website berkonten negatif dengan konten non-negatif. Pengujian dilakukan dengan menggunakan metode full sampling dan random sampling untuk menentukan cara pendeteksian website berkonten negatif yang lebih cepat. Hasil pengujian pada penelitian ini menunjukkan bahwa metode Latent Semantic Analysis dengan algoritma Singular Value Decomposition berhasil mengklasifikasikan website berkonten negatif dengan batas persentase hasil klasifikasi sebesar 70% sebagai indikatornya, dan metode random sampling dengan pengambilan sample hanya 30% dari total telah berhasil meningkatkan kecepatan eksekusi program rata-rata sebesar 507.01%, dengan penurunan akurasi rata-rata hanya sebesar 27.19% dibandingkan dengan metode full sampling untuk website berkonten negatif. ...... The need of the Internet has been keenly felt, however, due to a lack of control in monitoring the activities of surfing in this virtual world, making contents that will damage the morale spread very quickly and so freely accessible to everyone. This study discusses the Analysis and Design of Quick Detection System to Text-Based Negative Web Content Using Random Sampling and Latent Semantic Analysis with Singular Value Decomposition Algorithm which aims to classify negative content websites with the first step is to perform a search for links in a website using crawling technique by a web crawler program to gather website content in the text form. The entire text-based contents that have been collected will then be classified using Latent Semantic Analysis method by applying Singular Value Decomposition algorithm to show the result of classification that is able to distinguish the negative content and non-negative content website. The testing is performed using full sampling and random sampling method to determine which one is faster in doing the detection of negative content website. The results of this study showed that Latent Semantic Analysis method with Singular Value Decomposition algorithm successfully classifies the negative content websites with the percentage of classification result by 70% as the indicator, and the random sampling method with only 30% of total samples has been successful in increasing the speed of program execution by an average of 507.01%, with decreasing accuracy by an average of only 27.19% compared to full sampling method for negative content websites.

Abstrak :
The basics of web hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities. The basics of web hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user. With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose.