Implementation of Penetration testing on Websites to Improve Security of Information Assets UPN "Veteran" Yogyakarta

Herry Sofyan, Meilan Sugiarto, Bagus Muhammad Akbar

Abstract


Purpose: This study implements penetration testing on the website https://fit.upnyk.ac.id, owned by Telematics UPN "Veteran" Yogyakarta, to determine whether the web server has vulnerabilities or security holes. The results, obtained with penetration testing tools (a penetration testing scanner), are then analyzed to produce recommendations for closing security holes that hackers could use to enter the system, along with risk mitigation recommendations.
Design/methodology/approach: This study uses a penetration test method consisting of five stages: literature study, information gathering, identification of system vulnerabilities, penetration testing, and analysis. Penetration tests were carried out using the Acunetix tool, and the analysis used the OWASP and ISSAF methods.
Findings/result: Testing the website https://fit.upnyk.ac.id/ using the OWASP method found several vulnerabilities: one at the high level, three at the medium level and six at the low level. It can therefore be concluded that, in general, the website's level of vulnerability is medium.
Originality/value/state of the art: Penetration testing of a website can be done by identifying system vulnerabilities, penetration testing, and analysis. The OWASP method can be used to find vulnerabilities on a website.


Keywords


webserver, pentest, owasp, framework.



DOI: https://doi.org/10.31315/telematika.v20i2.7757

DOI (PDF): https://doi.org/10.31315/telematika.v20i2.7757.g5654


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright of:
TELEMATIKA: Jurnal Informatika dan Teknologi Informasi
ISSN 1829-667X (print); ISSN 2460-9021 (online)


Published by
Jurusan Teknik Informatika, UPN Veteran Yogyakarta
Jl. Babarsari 2 Yogyakarta 55281 (Campus Unit II)
Tel.: +62 274 485786
Email: jurnaltelematika@upnyk.ac.id
