Website Security Analysis using Open Web Application Security Project 10

Abstract

Website security is an essential component as an action taken to protect and secure websites from different types of threats. The lack of awareness of the importance of website security from the owners or managers of the website leads to no effort to minimize the risk of threats and vulnerabilities. Penetration testing is a legitimate effort to find and exploit the security of websites with the aim to make the website safer. The Open Web Application Security Project (OWASP) is a WEB application Security Testing framework focused on the security of Web applications, where the process involves actively analysis of Web applications, to find the weaknesses of a website. OWASP Top 10 is a type of OWASP document to ensure website security is a checklist of the 10 most dangerous types of website vulnerabilities today, namely: Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Control, Security Misconfiguration, Cross Site Scripting, Insecure Deserialization, Using Components With Known Vulnerabilities, and Insufficient Logging and Monitoring. In this research the author will conduct analysis and test the security of the website STMIK Sumedang with 6 subdomains in it with the aim to know how to test the Web security STMIK Sumedang using OWASP 10, and whatever as an effort to improve the quality of STMIK Sumedang web security