Comparison of the security performance of Web Application Firewall (WAF) plugins on WordPress with reference to the Web Application Firewall Evaluation Criteria (WAFEC)
WordPress is one of the most popular CMSs (content management systems) in the world. Millions of websites on the internet use WordPress. Statistical data held by Akamai show that there are millions to tens of millions of attacks against websites every day. There are various ways to secure a website against these attacks, such as paying attention to input sanitization, using SSL, and installing a Web Application Firewall (WAF) on the website. WordPress users can obtain a WAF free of charge as a plugin. WAF plugins can be downloaded and installed through the plugin repository provided. Free WAF plugins include Wordfence Security - Firewall & Malware Scan (Wordfence), All In One WP Security & Firewall (AIO WP Security), and SiteGuard WP Plugin (SiteGuard). Similar products released by different vendors differ from one another. These differences also affect the security performance of WAF plugins. The Web Application Security Consortium (WASC), together with the Open Web Application Security Project (OWASP), developed a document containing criteria that can be used as a tool for evaluating WAF products, named the Web Application Firewall Evaluation Criteria (WAFEC). Wordfence meets the most criteria in 2 categories, namely Detection Techniques and Logging. On the other hand, the criteria in the Protection Techniques category are met the most by AIO WP Security and SiteGuard. Wordfence is the WordPress WAF plugin that meets the most criteria across the 3 WAFEC categories, namely 24 of 73 criteria items. --
WordPress is one of the most popular CMSs (content management systems) in the world. Millions of websites on the internet use WordPress. Statistical data from Akamai shows that there are millions to tens of millions of attacks on the web every day. There are various ways to secure the web against these attacks, such as paying attention to input sanitization, using SSL, and installing a Web Application Firewall (WAF) on the web. WordPress users can get a WAF for free as a plugin. WAF plugins can be downloaded and installed via the provided plugin repository. Some of the free WAF plugins include Wordfence Security - Firewall & Malware Scan (Wordfence), All In One WP Security & Firewall (AIO WP Security), and SiteGuard WP Plugin (SiteGuard). Similar products issued by one vendor differ from those of other vendors. These differences also affect the security performance of the WAF plugins. In this research the three WAF applications are reviewed using a document containing criteria called the Web Application Firewall Evaluation Criteria (WAFEC). The tests are conducted based on three categories that relate to cyber-attacks. The results show that Wordfence meets the most criteria in 2 categories, namely Detection Techniques and Logging. The criteria in the Protection Techniques category were met the most by AIO WP Security and SiteGuard. Wordfence is the WordPress WAF plugin that best meets the criteria in the 3 WAFEC categories, namely 24 out of 73 criteria points.