Penetration Testing Tangerang City Web Application With Implementing OWASP Top 10 Web Security Risks Framework
Abstract
The speed of technological development has made it possible for all people to be connected to one another. The creation of web-based information systems that help in all areas, including government, health, and education, is one of the forces behind the development of technology. With these technological advancements, websites are susceptible to cybercrimes that could end in the theft of crucial data. The Top 10 Web Application Security Risks is the most effective prevention process for decreasing company information leaks. On the website tangerangkota.go.id, the researcher will conduct a test using the Top 10 Web Application Security Risks technique. The Top 10 Web Application Security Risks consist of Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, Identification and Authentication Failures, Software and Data Integrity Failures, Security Logging and Monitoring Failures, and Server-Side Request Forgery. The penetration testing of the Tangerang City website found 4 injections, 2 broken access controls, and 1 security misconfiguration.
DOI: https://doi.org/10.31326/jisa.v6i2.1656
Copyright (c) 2023 Yoel Armando, Rosalina Rosalina
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
JOURNAL IDENTITY
Journal Name: JISA (Jurnal Informatika dan Sains)
e-ISSN: 2614-8404, p-ISSN: 2776-3234
Publisher: Program Studi Teknik Informatika Universitas Trilogi
JISA (Jurnal Informatika dan Sains) is Published by Program Studi Teknik Informatika, Universitas Trilogi under Creative Commons Attribution-ShareAlike 4.0 International License.