Vulnerability Evaluation for Student Enrollment at SMKS Pandawa Bali Global Abiansemal
DOI: https://doi.org/10.46984/sebatik.v28i2.2510
Keywords: Vulnerability, Student Enrollment, Data Security, Risk Analysis, Penetration Testing
Abstract
The development of information technology has driven the adoption of digital student enrollment systems by various educational institutions, including SMKS Pandawa Bali Global Abiansemal. The school employs the CodeIgniter 3 framework with standard configurations to enhance efficiency, transparency, and accessibility in the student admission process. However, this technological progress also introduces significant security risks, such as potential data breaches, system integrity disruptions, and damage to the school's reputation. This study aims to evaluate the security vulnerabilities of SMKS Pandawa Bali Global’s online registration system through risk analysis and penetration testing. The research methodology involves a literature review, identification of vulnerabilities, risk assessment, and formulation of recommendations. The findings reveal several critical vulnerabilities, including risks of SQL injection attacks, Cross-Site Scripting (XSS), and insecure session management. To address these issues, the study recommends implementing security measures such as deploying a Web Application Firewall (WAF), enabling multi-factor authentication, conducting regular security testing, and providing security training for staff. By adopting these measures, the school can enhance the security and stability of its enrollment system, ensuring a smoother, safer, and more reliable student registration process in the future.
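The abstract names three finding classes in a CodeIgniter 3 application run with standard configuration: SQL injection, Cross-Site Scripting and insecure session management. The following is an added illustration, not code from the paper or from the school's system, of how each class is typically closed inside a CodeIgniter 3 code base. The model name, the `applicants` table, its `regno` column and the session values are assumptions; the config keys, `html_escape()` and the query-binding syntax are standard CodeIgniter 3.

```php
<?php
// Added illustration (not the paper's code). Model, table and column names are assumed;
// framework calls and config keys are CodeIgniter 3 standard.

// --- 1. SQL injection: untrusted registration number in a query ---------------
class Enrollment_model extends CI_Model
{
    // Weak pattern: user input concatenated straight into the SQL string.
    public function find_by_regno_unsafe($regno)
    {
        return $this->db->query(
            "SELECT * FROM applicants WHERE regno = '" . $regno . "'"
        )->row();
    }

    // Hardened pattern: query bindings; the driver escapes each bound value.
    public function find_by_regno($regno)
    {
        return $this->db->query(
            'SELECT * FROM applicants WHERE regno = ?',
            array($regno)
        )->row();
    }

    // Equivalent with Query Builder, which escapes values as well.
    public function find_by_regno_qb($regno)
    {
        return $this->db->get_where('applicants', array('regno' => $regno))->row();
    }
}

// --- 2. Cross-Site Scripting: escape on output ---------------------------------
// Anything echoed into HTML that originated from a registrant (name, address, ...)
// is passed through html_escape(); without it, stored markup would render in the
// admin's browser when the applicant record is viewed.
function render_applicant_row($applicant)
{
    return '<tr>'
         . '<td>' . html_escape($applicant->full_name) . '</td>'
         . '<td>' . html_escape($applicant->address) . '</td>'
         . '</tr>';
}

// --- 3. Session management: application/config/config.php ----------------------
// Settings to tighten relative to the shipped defaults (values illustrative).
$config['sess_driver']             = 'database';    // server-side store instead of temp files
$config['sess_save_path']          = 'ci_sessions'; // table used by the database driver
$config['sess_cookie_name']        = 'ppdb_session';
$config['sess_expiration']         = 1800;          // 30 minutes of inactivity
$config['sess_time_to_update']     = 300;           // rotate the session ID every 5 minutes
$config['sess_regenerate_destroy'] = TRUE;          // invalidate the old ID on rotation
$config['cookie_secure']           = TRUE;          // cookie sent only over HTTPS
$config['cookie_httponly']         = TRUE;          // cookie not readable from JavaScript
$config['csrf_protection']         = TRUE;          // token required on every POST form
```

The two model fixes are interchangeable; what matters is that no value from the registration form ever reaches the SQL string unescaped. The session block addresses the "standard configuration" point in the abstract: the defaults leave the cookie non-secure and the session ID unrotated, so these keys are what a review of the deployed `config.php` would check first.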
Copyright (c) 2024 Indrianto, Edwar
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain all rights to the published work, including (but not limited to) the following: copyright and other proprietary rights relating to the article, such as patent rights; the right to use the substance of the article in their own future works, including lectures and books; the right to reproduce the article for their own purposes; and the right to self-archive the article.