Implementation and Analysis ModSecurity on Web-Based Application with OWASP Standards

  • Kirana Dhiatam Dhiatama Ayunda Telkom University
  • Adityas Widjajarto Telkom University
  • Avon Budiono Telkom University
Keywords: Vulnerability, Exploit, Web Application Firewall, CVE

Abstract

A web application firewall is a necessity for protecting web-based applications from attacks, and applying one to a web-based application can reduce the attacks that occur. From a security standpoint, it is necessary to know how effective a web application firewall is at protecting against and minimizing malicious attacks on web-based applications. This research uses the OWASP standard as the procedure for penetration testing. Across the three experiments conducted, the web application firewall effectively protects vulnerable web applications by 66% and can protect against two high-risk vulnerabilities. The vulnerability measures that can be taken as prevention efforts, and the security level assessments, are based on Common Vulnerabilities and Exposures (CVE).

Published
2021-09-15