Open Source Intelligence Testing Using the OWASP Version 4 Framework at the Information Gathering Stage (Case Study: X Company)

Full Text (PDF, 267KB), PP.8-12

Views: 0 Downloads: 0

Author(s)

I Putu Agus Eka Pratama 1,* Anak Agung Bagus Arya Wiradarma 1

1. Udayana University, Bali, Indonesia

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2019.07.02

Received: 9 Apr. 2019 / Revised: 1 May 2019 / Accepted: 19 May 2019 / Published: 8 Jul. 2019

Index Terms

Information Gathering, Maltego, OSINT, OWASP, Penetration Testing, Website

Abstract

The application of technology in various fields makes mobility even higher, one of them is by making a website for exchange and manage information. However, with information disclosure causing security and protection issues to be considered. One of the website security techniques can be done by using the penetration testing method to know the vulnerability of the system. This study will implement tools with the Open Source Intelligence concept, namely Maltego as a medium for conducting security testing and using the OWASP version 4 framework as a standardization of steps taken when security test goes on. This study will focus on information gathering security testing of important factor of the X Company's website. The results of testing and analysis with the OWASP version 4 framework with the Testing for Information Gathering module show that the web application system used by X Company has information vulnerability of the used web server version, GET and POST requests, URL systematics, website framework, website builder component, and the outline of the website architecture. The researcher gave several recommendations related to the vulnerability of the website which later can be used by X Company website administrators to improve website security and protection.

Cite This Paper

I Putu Agus Eka Pratama, Anak Agung Bagus Arya Wiradarma, "Open Source Intelligence Testing Using the OWASP Version 4 Framework at the Information Gathering Stage (Case Study: X Company)", International Journal of Computer Network and Information Security(IJCNIS), Vol.11, No.7, pp.8-12, 2019.DOI:10.5815/ijcnis.2019.07.02

Reference

[1]Abel Yeboah-Ofori, P. A. B. (2017). "Cyber Intelligence and OSINT: Developing Mitigation Techniques Against Cybercrime Threats on Social Media." International Journal of Cyber-Security and Digital Forensics 7(1): 11.
[2]Akhyar Lubis, A. T. (2017). "Security Assessment of Web Application Through Penetration System Techniques." International Journal of Recent Trends in Engineering & Research 03(01): 7.
[3]Aleatha Shanley, M. J. (2015). Selection of Penetration Testing Methodologies: A Comparison and Evaluation. 13th Australian Information Security Management Conference. Edith Cowan University Joondalup Campus, Perth, Western Australia, Edith Cowan University Research Online.
[4]Bahrun Ghozali, K., Sudarmawan and (2018). "Mendeteksi Kerentanan Keamanan Aplikasi Website Menggunakan Metode Owasp (Open Web Application Security Project) untuk Penilaian Risk Rating "Creative Information Technology Journal 4(4): 11.
[5]Benes, D. L. (2013). "OSINT, New Technologies, Education: Expanding Opportunities and Threats. A New Paradigm." Journal of Strategic Security 5(6): 15.
[6]Bert-Jaap Koops, J.-H. H., Ronald Leenes (2013). "Open-Source Intelligence and Privacy By Design." Computer Law & Security Review: 12.
[7]Deris Stiawan, M. Y. I., Abdul Hanan Abdullah, Fahad Aljaber, Rahmat Budiarto (2017). "Cyber-Attack Penetration Test and Vulnerability Analysis "International Journal of Online and Biomedical Engineering 13(1).
[8]Florian Schaurer, J. S. (2013). "The Evolution of Open Source Intelligence." Journal of U.S. Intelligence Studies 19: 4.
[9]Kawakita Masaru, S. S. (2018). "Detection, Auto Analysis of Cyber Threats Using Open Source Intelligence." NEC Technical Journal: Special Issue on Cybersecurity 12(2): 4.
[10]Mohammad Muhsin, A. F. (2015). "Penerapan Pengujian Keamanan Web Server Menggunakan Metode OWASP Versi 4 (Studi Kasus Web Server Ujian Online)." Multitek Indonesia 9(1): 9.
[11]Muhammad Zunnurain Hussain, M. Z. H., Muhammad Taimoor Aamer Chughtai (2017). "Penetration Testing In System Administration." INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH 6(6): 3.
[12]Petersen, R. L. (2017). Enhancing Identification and Reporting of Potentially Harmful Public Data on Danish Organization. Kongens Lyngby, Technical University of Denmark: 211.
[13]Pratama, I. P. A. E. (2018). Security Best Practice at Gianyar Smart Government Using Belati (An Indonesian OSINT Tool). CODEBALI International Cyber Security Conference and Exhibition, Padma Hotel, Legian, Bali, Indonesia.
[14]Raden Teduh Dirgahayu, Y. P., Adi Fajaryanto (2015). "Penerapan Metode ISSAF dan OWASP versi 4 Untuk Uji Kerentanan Web Server "Jurnal Imiah NERO 1(3): 7.
[15]Shivayogimath, C. N. (2014). "An Overview of Network Penetration Testing." International Journal of Research in Engineering and Technology 03(07): 5.
[16]Yunanri W, I. R., Anton Yudhana (2018). "Analisis Deteksi Vulnerability Pada Webserver Open Jurnal System Menggunakan OWASP Scanner." Jurnal Rekayasa Teknologi Informasi 2(1): 8.