Evaluation of Information Security at the XYZ Foundation Using OWASP Top 10 2021 Framework
DOI:
https://doi.org/10.52435/jaiit.v6i2.397
Keywords:
Cybercrime, Information security, Non-governmental organization, Top 10 OWASP 2021, Vulnerability test
Abstract
More than three billion users use the Internet in various fields, including economic, commercial, cultural, social, and governmental activities. The XYZ Foundation is a non-governmental organization that has more than one hundred thousand donors, and its partners also use the Internet for their operations, including online zakat and alms transactions. The growing use of online transactions also increases the opportunities for cybercrime. Vulnerability testing is required to assess information security in online zakat and alms transactions at the XYZ Foundation. This study applies vulnerability tests based on the OWASP Top 10 2021 to the online zakat and alms transaction website of the XYZ Foundation. The results show that one aspect has a medium risk, one aspect has a low risk, and eight aspects have a very low risk. Based on these results, the weak aspects of online zakat and alms transactions at the XYZ Foundation must be improved immediately.
Copyright (c) 2024 Mustafa Kamal, Muhammad Nasrullah, Rully Rosadi, Yuvens Anggito, Sujan Chandra Roy

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
All our articles are published under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.













