Text
Security testing of the LAPOR mobile application using the OWASP Mobile Security Testing Guide method
Indonesian (English translation)
LAPOR is a support system used by Kantor Staf Presiden to evaluate and supervise national priority programs and strategic issues. LAPOR has several platforms, one of which is an Android-based platform. Building an Android-based LAPOR platform is considered appropriate, because Android is the most popular mobile operating system. However, behind Android's popularity there are security issues that need attention. Of the security problems most frequently found in Android-based mobile applications, 76% are data storage security problems. The aim of this research is to test the security of the Android-based LAPOR mobile application using the OWASP Mobile Security Testing Guide method. Testing was carried out using a black box approach within the focus area Data Storage on Android. The testing consists of 11 test parts, namely Testing Local Storage for Sensitive Data, Testing Logs for Sensitive Data, Determining Whether Sensitive Data is Sent to Third Parties, Determining the Keyboard Cache is Disable for Text Input Fields, Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms, Checking for Sensitive Data Disclosure Through the User Interface, Testing Backups for Sensitive Data, Finding Sensitive Information in Auto-Generated Screenshots, Checking Memory for Sensitive Data, and Testing the Device-Access-Security Policy. Based on the test results, vulnerabilities were found in three of the eleven test parts carried out. The vulnerabilities found were Determining Whether Sensitive Data is Sent to Third Parties, Finding Sensitive Information in Auto-Generated Screenshots, and Testing the Device-Access-Security Policy.
English
LAPOR is a support system used by Kantor Staf Presiden (The Office of Presidential Staff) to evaluate and supervise national priority programs and strategic issues. LAPOR has several platforms, one of which is an Android-based platform. Building an Android-based LAPOR platform is appropriate because Android is the most popular mobile operating system. Nevertheless, despite Android's popularity, some security issues need to be addressed. Among the security problems most frequently encountered in Android-based mobile applications, 76% are data storage problems. The aim of this study is to test the security of the Android-based LAPOR mobile application using the OWASP Mobile Security Testing Guide method. The test was carried out using a black box approach within the focus area Data Storage on Android. The test consists of 11 parts, namely Testing Local Storage for Sensitive Data, Testing Logs for Sensitive Data, Determining whether Sensitive Data is Sent to Third Parties, Determining the Keyboard Cache is Disable for Text Input Fields, Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms, Checking for Sensitive Data Disclosure through the User Interface, Testing Backups for Sensitive Data, Finding Sensitive Information in Auto-Generated Screenshots, Checking Memory for Sensitive Data, and Testing the Device-Access-Security Policy. Based on the test results, vulnerabilities were found in three of the eleven test parts conducted. The vulnerabilities were found in Determining Whether Sensitive Data is Sent to Third Parties, Finding Sensitive Information in Auto-Generated Screenshots, and Testing the Device-Access-Security Policy.