Design and Development of a Web-Based School Permission Letter Application Using the WDLC Method

Authors

  • Hermawan Setiawan, Politeknik Siber dan Sandi Negara
  • Ismail Sofyan Tsany, Badan Siber dan Sandi Negara

DOI:

https://doi.org/10.56706/ik.v18i3.109

Keywords:

Web application, WDLC, Attack Tree, Threat modeling, OWASP ZAP

Abstract

The current popularity of web-based applications has brought a negative side effect: widespread attacks on, and vulnerabilities in, web-based applications. Building an application with the right approach and identifying threats can improve the security of the resulting application. In this study, an information system, namely the web-based Surat Izin Online (online permission letter), is built using the Web Development Lifecycle (WDLC) method, with threat modeling using the Attack Tree method added at the analysis stage and its mitigation added at the development stage. The application is then tested with OWASP ZAP to identify vulnerabilities in the application. The result of this study is that, by applying the WDLC method and threat modeling, the application built can address the threats that were previously described.

Submitted

23-08-2024

Accepted

04-12-2024

Published

20-12-2024

Section

Articles