EVALUASI KEAMANAN OPEN JOURNAL SYSTEMS (OJS) VERSI LAMA MENGGUNAKAN KERANGKA ISSAF

Abstract

The Open Journal System (OJS), developed by the Public Knowledge Project and released under the GNU public license, is widely used by educational and private institutions to publish research results. More than 44,000 journals in 148 countries use OJS to publish research in more than 60 languages. [1] However, as with other web-based systems, OJS has system vulnerabilities that require updates to close security gaps, improve compatibility, and improve performance features. Based on an initial survey, researchers found that several journals in higher education still use the old version of OJS. Researchers then researched further using the Information System Security Assessment Framework (ISSAF) and OWASP ZAP to identify vulnerabilities in the old version of OJS which universities still use. The vulnerabilities include information recorded in Common Vulnerabilities and Exposures (CVE), seclist.org, and exploit-db.com. This study shows that some institutions that use older versions of OJS add a WAF (Web Application Firewall) to reduce security risks. This article discusses these findings and recommends further research on improving OJS security.