Security assessment of the Sapawarga Android mobile application of the West Java Provincial Government with reference to the OWASP Mobile Top Ten 2016 vulnerabilities
Indonesian abstract (translated)
The Sapawarga application is the flagship application of the West Java Provincial Government for public services. It acts as a bridge between the West Java Provincial Government and the heads of RW (neighborhood units). In this study, a security assessment was carried out on the Sapawarga application to identify vulnerabilities and their impact, rate their severity, and give security recommendations for the vulnerabilities identified. The vulnerabilities identified are referenced against the OWASP Mobile Top Ten 2016. The study uses a security assessment method based on SANS that consists of three steps: reviewing, examination, and testing. The reviewing stage collects information about the Sapawarga application, the West Java Provincial Government's policies, and the NDA. The examination stage, also called static analysis, performs automated static analysis with the MobSF scanner and the MARA Framework. The testing stage, or dynamic analysis, tests the vulnerabilities by running the application.
Based on the results of the security assessment, six vulnerabilities were identified in the Sapawarga application; these six vulnerabilities fall under five of the OWASP Mobile Top Ten 2016 categories. The vulnerabilities found are: insecure data storage (manipulable backups and the application creating temp files), rated medium; insecure communication (insecure WebView implementation), rated high; insufficient cryptography (static key), rated medium; client code quality (manipulable activity), rated none; and reverse engineering, rated medium. These vulnerabilities lead to a loss of confidentiality, such as of sensitive user data, default passwords, and the application's configuration keys for the backend server that are present in the source code. Based on these vulnerabilities, security recommendations are given in the form of data encryption, obfuscation techniques, and key management, in order to address the vulnerabilities and prevent their impact.
English abstract
The Sapawarga application is the flagship application of the West Java Provincial Government, used for public services. It is a bridge between the West Java Provincial Government and the heads of RW (neighborhood units). In this study, a security assessment was conducted on the Sapawarga application to identify vulnerabilities and their impact, rate their severity, and provide security recommendations for the identified vulnerabilities. The vulnerabilities identified are referenced against the OWASP Mobile Top Ten 2016. The study uses a security assessment method based on SANS, which consists of three steps: reviewing, examination, and testing. The reviewing stage is carried out by collecting information related to the Sapawarga application, West Java Provincial Government policies, and the NDA. The examination stage, also called static analysis, is where automated static analysis is carried out using the MobSF scanner and the MARA Framework. The testing phase, or dynamic analysis, is then carried out by testing the vulnerabilities while running the application.
Based on the results of the security assessment, six vulnerabilities were identified in the Sapawarga application; these six vulnerabilities fall under five of the OWASP Mobile Top Ten 2016 categories. The vulnerabilities found are: insecure data storage (manipulable backups and the application creating temp files), in the medium category; insecure communication (insecure WebView implementation), in the high category; insufficient cryptography (static key), in the medium category; client code quality (manipulable activity), in the none category; and reverse engineering, in the medium category. The vulnerabilities found lead to a loss of confidentiality, such as of sensitive user data, default passwords, and the application's configuration keys for the backend server that are contained in the source code. Based on these vulnerabilities, security recommendations are given in the form of data encryption, obfuscation techniques, and key management, for the purpose of overcoming the vulnerabilities and preventing their impact.
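The examination stage described above relies on automated static scanners; the script below is an added illustration of the kind of manifest-level check such a scanner performs, written for this page and not taken from the study or from MobSF or MARA. It parses a decoded AndroidManifest.xml and reports the settings behind two of the categories named in the abstract (insecure data storage via android:allowBackup, client code quality via an exported activity) plus android:debuggable as a reverse-engineering aid. Both manifests, the package name, the category mapping and the wording of the findings are constructed assumptions; the hardened manifest shows the corrected settings.

```python
"""Static check of a decoded AndroidManifest.xml for manifest-level weaknesses.

Constructed example for this page, not tooling from the assessment it
describes.  The category codes follow the OWASP Mobile Top Ten 2016 numbering
(M2 insecure data storage, M7 client code quality, M9 reverse engineering);
mapping a manifest flag to a category is this example's own assumption.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: weak settings (backups allowed, debuggable build,
# activity reachable from other apps without an intent filter).
WEAK_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.placeholder.app">
  <application android:allowBackup="true" android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true"/>
  </application>
</manifest>
"""

# Constructed sample: the same manifest with the settings corrected.
HARDENED_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.placeholder.app">
  <application android:allowBackup="false">
    <activity android:name=".MainActivity" android:exported="false"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def check_manifest(xml_text):
    """Return a list of (owasp_category, detail) findings for a decoded manifest."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = []
    if app is None:
        return [("M1", "manifest has no <application> element")]

    # android:allowBackup defaults to true when the attribute is absent, so an
    # unset value is reported the same way as an explicit "true".
    if (_attr(app, "allowBackup") or "true").lower() == "true":
        findings.append(("M2", "allowBackup is true or unset: application data "
                                "can be exported and re-imported through the "
                                "platform backup mechanism"))

    # android:debuggable defaults to false; a true value in a release build
    # lets a debugger attach and eases reverse engineering.
    if (_attr(app, "debuggable") or "false").lower() == "true":
        findings.append(("M9", "debuggable is true on a release build"))

    # An activity explicitly exported without an intent filter is reachable by
    # any other app on the device.  (An activity that carries an intent filter
    # is implicitly exported on older Android versions; that case is left out
    # here to keep the example focused.)
    for activity in app.findall("activity"):
        exported = (_attr(activity, "exported") or "false").lower() == "true"
        has_filter = activity.find("intent-filter") is not None
        if exported and not has_filter:
            findings.append(("M7", "activity %s is exported without an intent filter"
                             % _attr(activity, "name")))
    return findings


if __name__ == "__main__":
    for label, manifest in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(label, check_manifest(manifest))
```

Running the script reports three findings for the weak manifest and none for the hardened one; a real assessment would run the check against the manifest decoded from the APK rather than an inline string.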