Analysis and Implementation of the ISSAF Framework on OSSTMM on Website Security Vulnerabilities Testing in Polinema

Abstract

Along with the increasing number of websites circulating on the Internet, the security holes that arise are also increasing. The Electrical Engineering Department's website is no exception, especially on the Electrical Engineering Department's website which has never been audited to scan for security holes on the Electrical Engineering Department's website so the level of reliability of the Electrical Engineering Department's website cannot be known. On this basis, a study entitled "Analysis and Implementation of the ISSAF Framework for OSSTMM in Testing Website Security Gaps at Polynema" will be carried out. In this study, the authors tested security holes on the website at Polinema using the ISSAF and OSSTMM frameworks to scan for security holes on the Electrical Engineering Network website. Then from the test results, recommendations will be given to website managers to overcome existing security holes. Before giving recommendations, the author will try to update website security and re-test the updated website. This is done to prove whether updates made to website security can work effectively in overcoming security holes that were previously found. Based on the research that has been done, it is known that on the Electrical Engineering Department's website there are 21 security holes with 7 of them at medium level when testing for security holes using the ISSAF framework. And there are 17 security holes when testing security holes using the OSSTMM framework. The security holes include 10 open ports, DoS, brute-force, and there are security holes in the library used.