Analisis Risiko Kerentanan Keamanan Aplikasi Gawai Layanan Masyarakat Pt.Xyz Menggunakan Parameter Owasp Mobile Security dan Pembobotan CVSS

Abstract

Currently the PT. XYZ is in the midst of preparation for development towards the vision of service excellence. In order to support the achievement of this vision, it should be noted that the information system that is the mainstay of the PT. XYZ. Along with the company's vision, PT. XYZ makes a community service application on devices both on Android and in IOS. OWASP (Open Web Application Security Project) Mobile Security is a parameter and guideline that can specifically be used to detect security holes in a device application, OWASP Mobile Security uses a Scenario Test Case with the concept of Attack Tree - Bruce Scheiner that is comprehensive and has a definitive glossary on Threat Agents, Attack Vectors, Security Weakness, Technical Impacts and Business Impact which can be used as definitive guidelines for weighting CVSS. CVSS (Common Vulnerability Scoring System) is a standard used to determine security vulnerabilities in a system. CVSS is widely used in the world because CVSS provides a way to capture the main characteristics of vulnerability and produce a numerical score that reflects its severity. The numerical score can then be translated into low, medium and high qualitative representations to properly assess and prioritize the security vulnerability management process. Therefore the authors are interested in conducting vulnerability risk analysis in the application of community service devices PT. XYZ in order to get confidence in possible security risks, as a parameter and guideline author uses OWASP Mobile Security and for risk score weighting author uses CVSS.