Analisis keamanan Learning Management System (LMS) moodle dengan metode vulnerability scanning
Abstract
The Learning Management System (LMS) is a crucial e-learning platform for managing online education. One popular LMS used today is Moodle, which is open source and offers various customizable features to meet users' needs. Security is a critical aspect of LMS because it stores sensitive data such as user information and learning materials. This research aims to analyze the security of Moodle using the Vulnerability Scanning method with OWASP-ZAP tools. The analysis include identifying security vulnerabilities, assessing their severity, and comparing them with other versions of the Moodle LMS. Recommendations for enhancing Moodle's security will also be provided. This research targets Moodle administrators, security practitioners, and researchers in the field of information security. The expected outcomes of this research are to raise awareness of the importance of security in LMS, provide guidance for conducting vulnerability scanning on Moodle, and assist administrators in identifying and addressing potential security vulnerabilities in the Moodle platform.
Downloads
References
Aapio, T. (2021). Nmap scanning basics -kurssin rakentaminen metropolian Moodleympäristöön: Metropolia Ammattikorkeakoulu Insinööri (AMK) Information and Computer Technology IoT and Cloud Computing. https://www.theseus.fi/bitstream/handle/10024/508832/Aapio_Tomi.pdf?sequ ence=2
Abdullah, H. S. (2020). Evaluation of open source web application vulnerability scanners. Academic Journal of Nawroz University. https://journals.nawroz.edu.krd/index.php/ajnu/article/view/532
Allo, A. K. (2023). Analisis keamanan website SIASAT menggunakan teknik footprinting dan vulnerability scanning. Universitas Kristen Satya Wacana Institutional Repository. https://repository.uksw.edu/handle/123456789/32212
Ally, S. (2022). Review of online examination security for the moodle learning management system. IJEDICT: International Journal of Education and Development using Information and Communication Technology, 18(1). https://files.eric.ed.gov/fulltext/EJ1345408.pdf
Al'Am'yubi, M. R. S., & Wijayanto, D. (2023). Analisis sistem keamanan website XYZ menggunakan framework OWASP ZAP. JUIK : Jurnal Ilmu Komputer, 3(1). https://journal.umgo.ac.id/index.php/juik/article/download/1974/1223
Aslan, Ö., Aktuğ, S. S., Okay, M. O., Yilmaz, A. A., & Akin, E. (2023). A Comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions. Electronics, 12(6), 1333. https://doi.org/10.3390/electronics12061333
Asmiyunda, A., Sanova, A., & Ekaputra, F. (2023). Pelatihan pemanfaatan aplikasi platform open course berbasis moodle dalam mengelola pembelajaran daring. Jurnal Pengabdian UNDIKMA, 4(2), 362. https://doi.org/10.33394/jpu.v4i2.7216
Gumiran, I. C. (2022). Moodle learning management system utilization assessment: Lenses on its accessibility, security, and usability. IJRISS : International Journal of Research and Innovation in Social Science, 6(8), 468–471. https://doi.org/10.47772/IJRISS.2022.6820
Kalaani, C. (2023). OWASP ZAP vs snort for SQLi vulnerability scanning. digitalcommons.georgiasouthern.edu. https://digitalcommons.georgiasouthern.edu/cgi/viewcontent.cgi?article=3820 &context=etd
Kurniawan, S. (2021). Apa Itu Moodle? Niagahoster. https://www.niagahoster.co.id/blog/moodle-adalah/
Nurbojatmiko., Lathifah, A., Amri, F. B., & Rosidah, A. (2022). Security vulnerability analysis of the sharia crowdfunding website using OWASP-ZAP. IEEE Xplore. https://dx.doi.org/10.1109/CITSM56380.2022.9935837
Pargaonkar, S. (2023). Advancements in security testing: A comprehensive review of methodologies and emerging trends in software quality engineering. IJSR : International Journal of Science and Research, 12(9), 61–66. https://doi.org/10.21275/SR23829090815
Prasetyo, S. E., Hasanah, N., & Wijaya, G. (2022). Pengujian keamanan Learning Management System Tutor LMS terhadap kerentanan insecure design dan broken access control. Telcomatics : Telecommunication, Control, Information Technology and Electronic, 7(2). https://doi.org/10.37253/telcomatics.v7i2.7357
Pratama, I. G. I., & Cahyaningsih, I. G. A. (2021). Melawat ke dunia virtual transformasi guru sejarah biasa menjadi guru memesona abad 21 di masa pembelajaran jarak jauh. Candra Sangkala, 3(1), 11. https://doi.org/10.23887/jcs.v3i1.33919
Priyawati, D., Rokhmah, S., & Utomo, I. C. (2022). Website vulnerability testing and analysis of website application using OWASP. IJCIS : International Journal of Computer and Information System, 3(3). https://doi.org/10.29040/ijcis.v3i3.90
Riadi, I., Yudhana, A., & Yunanri, W. (2020). Analisis keamanan website open journal system menggunakan metode vulnerability assessment. Jurnal Teknologi Informasi dan Ilmu Komputer, 7(4), 853–860. https://doi.org/10.25126/jtiik.2020701928
Sahida, N. N., Rokmanah, S., & Syachruroji, A. (2023). Literature review: Pemanfaatan teknologi dalam pembelajaran di sekolah dasar. PENDAS: Jurnal Ilmiah Pendidikan Dasar, 8(3). https://journal.unpas.ac.id/index.php/pendas/article/view/10583
Copyright (c) 2024 Diah Ayu Rahma, Fina Maslahatul Firhah, Muhammad Ainul Yaqin
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work’s authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
