Research Article

Web Server Security Analysis from DDoS Attack using Information Systems Security Assessment Framework Method

by Randi Indraguna, Imam Riadi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 183 - Number 30
Year of Publication: 2021
Authors: Randi Indraguna, Imam Riadi

Randi Indraguna, Imam Riadi. Web Server Security Analysis from DDoS Attack using Information Systems Security Assessment Framework Method. International Journal of Computer Applications. 183, 30 (Oct 2021), 38-46. DOI=10.5120/ijca2021921691

@article{ 10.5120/ijca2021921691,
author = { Randi Indraguna, Imam Riadi },
title = { Web Server Security Analysis from DDoS Attack using Information Systems Security Assessment Framework Method },
journal = { International Journal of Computer Applications },
issue_date = { Oct 2021 },
volume = { 183 },
number = { 30 },
month = { Oct },
year = { 2021 },
issn = { 0975-8887 },
pages = { 38-46 },
numpages = {9},
url = { },
doi = { 10.5120/ijca2021921691 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}

%0 Journal Article
%1 2024-02-07T01:18:22.467924+05:30
%A Randi Indraguna
%A Imam Riadi
%T Web Server Security Analysis from DDoS Attack using Information Systems Security Assessment Framework Method
%J International Journal of Computer Applications
%@ 0975-8887
%V 183
%N 30
%P 38-46
%D 2021
%I Foundation of Computer Science (FCS), NY, USA

An information system provides information that management uses to make decisions and that an organization or individual uses to carry out its operations, for example the website-based information systems used by local governments. Such a system must be protected against cybercrime, especially DDoS attacks. According to Kaspersky DDoS Protection, DDoS attacks grew on average in Q1 2020 and lasted 25% longer than in Q1 2019. It is therefore important to secure a system's web server so that the system is protected from various forms of cybercrime, especially DDoS attacks. The data collection stages in this study comprise a literature study and interviews, while the research stages comprise information gathering, network mapping, vulnerability testing, and report analysis, applied to the research object, the web server of an information system. The results of the study prove that the Information Systems Security Assessment Framework (ISSAF) method can be used to analyze the vulnerability of an information system's web server, yielding data on server information and network mapping. The vulnerability level of the server in this study is level 1: low, and the server does not have the anti-clickjacking X-Frame-Options header or the X-XSS-Protection header. In the next stage, the penetration test, the highest attack packet data value is 1220689 and the lowest is 28240, which is normal; the data is then analyzed.

Index Terms

Computer Science
Information Sciences


Web Server, DDoS Attack, System Information, Penetration Testing (ISSAF).