Muhammad Rizky Hasan
Suhermanto Suhermanto
Suharmanto Suharmanto

Abstract

Software development today is more complex than ever, and security has become one of its most crucial aspects. Security issues are an important concern for software developers. The need for security in software development led to the creation of what is called the Secure Software Development Life Cycle (SSDLC). This paper highlights software vulnerabilities and approaches to addressing them. To that end, it discusses several security tools such as OWASP and ISSAF. The aim is to determine the extent to which these tools minimize vulnerabilities in software development.
