Moh Rizki Syaifudin, Mohamad Ali Murtadho, Moh Shohibul Wafa, Mukhamad Masrur

UNIPDU Campus Website Security Analysis Through Vulnerability Assessment (VA) Method with Acunetix Tools Assistance

Introduction

Unipdu campus website security analysis through vulnerability assessment (va) method with acunetix tools assistance. Analyzes UNIPDU Jombang campus website security using Acunetix Vulnerability Assessment (VA). Identifies critical vulnerabilities like misconfigurations and outdated components (OWASP A05, A06). Offers key recommendations to boost data security and user trust.

Abstract

Amidst the rapid development of technology, website vulnerabilities are a major threat, opening up opportunities for hackers to hunt and steal important data. Web applications are a technological innovation that not only facilitates access to information on the Unipdu Jombang campus, but also functions as the main link in the information system, even though they have to face major challenges in maintaining its security. By using the Vulnerability Assessment (VA) approach that utilizes Acunetix technology, this study attempts to assess the weaknesses of the Unipdu Jombang campus website and offers suggestions for improving its security. The main domain of the website is the focus of the study, which uses automated testing methodology to find vulnerabilities that could be exploited. Many vulnerabilities were found by the test results, including the use of reverse proxy detected, using cloud services such as CloudFlare, and TLS/SSL certificates that are almost expired. Through reports from scans that comply with the OWASP Top 10 2021 guidelines on Acunetix tools, 2 groups of vulnerability categories were found, including: (A05) security misconfiguration and (A06) Vulnerable and Outdated Components. It is hoped that these efforts will improve data security and thwart various threats. The results of this study provide important information for Unipdu website developers, including the need to update SSL certificates and suggest scanning on internal versions of web applications without active WAF. These findings not only strengthen system security, but also help campuses maintain user trust while also being a guide for the development of more reliable and secure information systems in the future.

Review

This paper addresses a highly relevant and critical topic: the security posture of the UNIPDU Jombang campus website. By employing a Vulnerability Assessment (VA) methodology with the aid of Acunetix, the study aims to identify weaknesses and propose actionable improvements. The abstract clearly outlines the systematic approach taken, focusing on the main domain and aligning its findings with the widely recognized OWASP Top 10 2021 guidelines. The identification of various vulnerabilities, particularly within the categories of security misconfiguration (A05) and vulnerable/outdated components (A06), underscores the practical and timely nature of this research, highlighting common security challenges faced by educational institutions. A key strength of this study lies in its application of a commercial, reputable scanning tool like Acunetix, which lends credibility to the vulnerability discovery process. The alignment with OWASP Top 10 provides a standardized framework for categorizing findings, making them understandable and comparable. However, the abstract could benefit from a clearer distinction between architectural components (like reverse proxies or CloudFlare usage) and actual vulnerabilities arising from their misconfiguration or outdated versions. While "many vulnerabilities" were found, specifying the severity distribution (e.g., critical, high, medium) would provide a more complete picture of the risk landscape. Additionally, the suggestion to scan internal versions without an active WAF implies that the initial scan might have been conducted with a WAF, potentially limiting the depth of discovered vulnerabilities; clarifying this scope would enhance understanding. Ultimately, this study delivers important and actionable insights for the UNIPDU Jombang campus website developers. The recommendations, such as updating SSL certificates and considering internal scans, are direct and practical steps toward bolstering security. The paper effectively demonstrates the value of routine vulnerability assessments in maintaining data integrity, fostering user trust, and guiding the development of more resilient information systems. While primarily a foundational security assessment using automated tools, it serves as a valuable case study and a strong impetus for ongoing security efforts within the institution and similar educational environments.

Full Text

Comments

You need to be logged in to post a comment.