Security Evaluation of Insurance Portal Agency Information System Based on ISO/IEC 25010 Quality Standard Utilizing OWASP ZAP

Muhammad Darmawan Fadilah, Siti Rochimah

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

Abstract

Information systems, such as insurance agency portals, bring substantial benefits for users and the company but also pose security risks due to the sensitive data they handle. Addressing these risks through regular security evaluations and enhancements is crucial to prevent potential financial, reputational, and legal consequences. This research focuses on security measurement in two versions of the agency portal, the old and the new, which serve the same purpose but differ in technology and infrastructure. Following the ISO 25010 security standard, tools like OWASP ZAP are used alongside manual testing to assess each ISO 25010 characteristic and subsequently evaluate both portals. The objective is to suggest security enhancements and draw comparisons between the two. The testing of ISO 25010 is segmented into several phases: identifying security characteristics, establishing measurements, assessing security on two application portals, conducting evaluations and comparisons, and providing recommendations. Testing revealed that the older portal outperforms the newer version in confidentiality and integrity, despite the latter's advanced technology. However, the new portal excels in authentication, and both applications demonstrate high scores in accountability. Both portals need to enhance the non-repudiation characteristic, given the absence of digital signatures. Based on the analysis, additional recommendations are made to improve the security of both applications.

Original language: English
Title of host publication: 2023 3rd International Conference on Intelligent Cybernetics Technology and Applications, ICICyTA 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 352-357
Number of pages: 6
ISBN (Electronic): 9798350394559
Publication status: Published - 2023
Event: 3rd International Conference on Intelligent Cybernetics Technology and Applications, ICICyTA 2023 - Hybrid, Bali, Indonesia
Duration: 13 Dec 2023 to 15 Dec 2023

Publication series

Name: 2023 3rd International Conference on Intelligent Cybernetics Technology and Applications, ICICyTA 2023

Conference

Conference: 3rd International Conference on Intelligent Cybernetics Technology and Applications, ICICyTA 2023
Country/Territory: Indonesia
City: Hybrid, Bali
Period: 13/12/23 to 15/12/23

Keywords

  • Comparison
  • ISO 25010
  • Information System
  • OWASP ZAP
  • Security Measurement
