Security Analysis of a Web-Based "Point of Sale" Application Using the ISO/IEC 29119 Software Testing Standard Approach

Authors

  • Nurhasan, Universitas Pamulang
  • Fariz Nurrahim, Universitas Pamulang
  • Aprien Febrian, Universitas Pamulang
  • Chairul Anwar, Universitas Pamulang

Keywords:

Web Application Security, ISO/IEC 29119, Software Testing, Point of Sale System, OWASP

Abstract

Web-based Point of Sale (POS) systems are widely adopted by small and medium-sized retail businesses, yet inadequate security controls can expose them to data breaches and financial losses. This study analyzes security vulnerabilities in the Codekop POS v2.0 application using a testing framework based on the ISO/IEC 29119 standard. The testing process follows ISO/IEC 29119-2, with documentation aligned to ISO/IEC 29119-3, and applies manual code review to ten core components. The assessment focuses on authentication, session management, injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and directory traversal, with reference to the OWASP Top 10 guidelines. The results reveal one critical, four high, and five medium-severity vulnerabilities, along with four aspects that meet security standards, giving an overall compliance rate of 26.7%. This study provides an ISO/IEC 29119-based web application security testing framework and prioritized improvement recommendations to strengthen POS system security.

Published

28-12-2025

How to Cite

Nurhasan, Fariz Nurrahim, Aprien Febrian, & Chairul Anwar. (2025). Analisis Keamanan Aplikasi “Point of Sale” Berbasis Web Menggunakan Pendekatan ISO/IEC 29119 Software Testing Standard. OKTAL : Jurnal Ilmu Komputer Dan Sains, 4(12), 944–953. Retrieved from https://journal.mediapublikasi.id/index.php/oktal/article/view/5877