Gusti Made Arya Sasmita

Work place: Department of Information Technology, Faculty of Engineering, Universitas Udayana, Indonesia



Research Interests: Network Security


Gusti Made Arya Sasmita, Dept of Information Technology, Faculty of Engineering, Udayana University, Denpasar, Bali, Indonesia
Gusti Made Arya Sasmita lecturer at Department of Information Technology, Faculty of Engineering, Udayana University Bali, Indonesia. He got his bachelor’s degree in electrical engineering, Udayana University, Bali in 1997 and master’s degree in Informatics Engineering, Gadjah Mada University in 2003. His research interests are Audit and Network Security.
Google Scholar:

Author Articles
Web Application Penetration Testing on Udayana University's OASE E-learning Platform Using Information System Security Assessment Framework (ISSAF) and Open Source Security Testing Methodology Manual (OSSTMM)

By I Gusti Agung Surya Pramana Wijaya Gusti Made Arya Sasmita I Putu Agus Eka Pratama

DOI:, Pub. Date: 8 Apr. 2024

Education is a field that utilizes information technology to support academic and operational activities. One of the technologies widely used in the education sector is web-based applications. Web-based technologies are vulnerable to exploitation by attackers, which highlights the importance of ensuring strong security measures in web-based systems. As an educational organization, Udayana University utilizes a web-based application called OASE. OASE, being a web-based system, requires thorough security verification. Penetration testing is conducted to assess the security of OASE. This testing can be performed using the ISSAF and OSSTMM frameworks. The penetration testing based on the ISSAF framework consists of 9 steps, while the OSSTMM framework consists of 7 steps for assessment. The results of the OASE penetration testing revealed several system vulnerabilities. Throughout the ISSAF phases, only 4 vulnerabilities and 3 information-level vulnerabilities were identified in the final testing results of OASE. Recommendations for addressing these vulnerabilities are provided as follows. Implement a Web Application Firewall (WAF) to reduce the risk of common web attacks in the OASE web application. input and output validation to prevent the injection of malicious scripts addressing the stored XSS vulnerability. Update the server software regularly and directory permission checks to eliminate unnecessary information files and prevent unauthorized access. Configure a content security policy on the web server to ensure mitigation and prevent potential exploitation by attackers.

[...] Read more.
Information Technology Risk Management Using ISO 31000 Based on ISSAF Framework Penetration Testing (Case Study: Election Commission of X City)

By I Gede Ary Suta Sanjaya Gusti Made Arya Sasmita Dewa Made Sri Arsa

DOI:, Pub. Date: 8 Aug. 2020

Election Commission of X City is an institution that serves as the organizer of elections in the X City, which has a website as a medium in the delivery of information to the public and as a medium for the management and structuring of voter data in the domicile of X City. As a website that stores sensitive data, it is necessary to have risk management aimed at improving the security aspects of the website of Election Commission of X City. The Information System Security Assessment Framework (ISSAF) is a penetration testing standard used to test website resilience, with nine stages of attack testing which has several advantages over existing security controls against threats and security gaps, and serves as a bridge between technical and managerial views of penetration testing by applying the necessary controls on both aspects. Penetration testing is carried out to find security holes on the website, which can then be used for assessment on ISO 31000 risk management which includes the stages of risk identification, risk analysis, and risk evaluation. The main findings of this study are testing a combination of penetration testing using the ISSAF framework and ISO 31000 risk management to obtain the security risks posed by a website. Based on this research, obtained the results that there are 18 security gaps from penetration testing, which based on ISO 31000 risk management assessment there are two types of security risks with high level, eight risks of medium level security vulnerabilities, and eight risks of security vulnerability with low levels. Some recommendations are given to overcome the risk of gaps found on the website.

[...] Read more.
IT Risk Management Based on ISO 31000 and OWASP Framework using OSINT at the Information Gathering Stage (Case Study: X Company)

By Anak Agung Bagus Arya Wiradarma Gusti Made Arya Sasmita

DOI:, Pub. Date: 8 Dec. 2019

The major IT developments lead to speed and mobility elevation of information access. One of them is using the website to share and gather information. Therefore, the mobility and information disclosure create a harmful vulnerability. Which is the leakage of information, whether organizational or sensitive information, such as bank accounts, phone number and many more. Security testing is necessarily needed on website usage. One of the website security testing method is penetration testing. Supporting framework that can be used in this method is OWASP Testing Guide Version 4. OTG Version 4 has 11 stages cover all aspects of website protection and security. Security testing is nicely done using tools / software. Tools with the concept of OSINT (Open Source Intelligence) are used to get better access and availability by using the characteristics of open source. The IT risk assessment analysis carried out by ISO 31000 framework and based on the results that have been obtained through penetration testing with OWASP framework. Significance & values of this research is finding the best and effective way to making IT risk management guidelines along with the combination of with OWASP & ISO 31000 framework, by doing website security assessment with penetration testing method based on OWASP framework to get the system vulnerabilities and analyze the risks that appears with the ISO 31000 framework. Also, the IT risk management guidelines consist of system improvement recommendations along with evaluation report which obtained from the collaboration analysis the OSINT concept, penetration testing methods, OWASP and ISO 31000 framework.

[...] Read more.
Other Articles