Penetration Testing Based on OWASP Testing Guide Version 4.2 (Case Study: X Website)
Abstract
Government websites are one of the strategies in e-government development, and x agency follows this strategy by operating a website at address x. Alongside these developments, cyber attacks through websites have also increased, so websites need to be tested and evaluated periodically through penetration testing. Penetration testing is security testing of a network or website to find vulnerabilities that attackers could exploit. This research uses the OWASP Testing Guide Framework Version 4.2, whose 12 modules cover all aspects of security testing on websites. The vulnerabilities found by the penetration testing are then assessed with the CVSS Calculator 3.1, and recommendations are given afterward. This research finds 32 vulnerabilities, 12 of which have an impact on the website, with 4 vulnerabilities at medium risk, 5 at high risk and 2 at critical risk.