Penetration Testing Tangerang City Web Application With Implementing OWASP Top 10 Web Security Risks Framework

Yoel Armando, Rosalina Rosalina

Abstract


The speed of technological development has made it possible for all people to be connected to one another. The creation of web-based information systems that help in all areas, including government, health, and education, is one of the forces behind the development of technology. With these technological advancements, websites are susceptible to cybercrimes that could end in the theft of crucial data. The OWASP Top 10 Web Application Security Risks is the most effective prevention process for decreasing company information leaks. On the website tangerangkota.go.id, the researcher will conduct a test using the Top 10 Web Application Security Risks technique. The Top 10 Web Application Security Risks consist of Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, Identification and Authentication Failures, Software and Data Integrity Failures, Security Logging and Monitoring Failures, and Server-Side Request Forgery. The penetration testing found the following on the Tangerang City website: 4 injections, 2 broken access controls, and 1 security misconfiguration.


Keywords


Penetration Testing; OWASP 10; Vulnerability Assessment; Exploitation






DOI: https://doi.org/10.31326/jisa.v6i2.1656



Copyright (c) 2023 Yoel Armando, Rosalina Rosalina

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


JOURNAL IDENTITY

Journal Name: JISA (Jurnal Informatika dan Sains)
e-ISSN: 2614-8404, p-ISSN: 2776-3234
Publisher: Program Studi Teknik Informatika Universitas Trilogi
Publication Schedule: June and December 
Language: Indonesia & English
APC: The Journal Charges Fees for Publishing 
Indexing: EBSCO, DOAJ, Google Scholar, Arsip Relawan Jurnal Indonesia, Directory of Research Journals Indexing, Index Copernicus International, PKP Index, Science and Technology Index (SINTA, S4), Garuda Index
OAI address: http://trilogi.ac.id/journal/ks/index.php/JISA/oai
Contact: jisa@trilogi.ac.id
Sponsored by: DOI – Digital Object Identifier Crossref, Universitas Trilogi

In Collaboration With: Indonesian Artificial Intelligent Ecosystem (IAIE), Relawan Jurnal Indonesia, Jurnal Teknologi dan Sistem Komputer (JTSiskom)

 

 


JISA (Jurnal Informatika dan Sains) is Published by Program Studi Teknik Informatika, Universitas Trilogi under Creative Commons Attribution-ShareAlike 4.0 International License.