Penetration Testing Based on OWASP Testing Guide Version 4.2 (Case Study: X Website)

  • I Dewa Gede Govindha Dharmawangsa, Information Technology Study Program, Faculty of Engineering, Universitas Udayana
  • Gusti Made Arya Sasmita, Information Technology Study Program, Faculty of Engineering, Universitas Udayana
  • I Putu Agus Eka Pratama, Information Technology Study Program, Faculty of Engineering, Universitas Udayana

Abstract

Government websites are one of the strategies in e-government development, and x agency follows this strategy by having a website at address x. Along with these developments, cyber attacks through websites are also increasing, so websites need to be tested and evaluated periodically with penetration testing. Penetration testing is security testing of a network or website to find vulnerabilities that could be exploited by attackers. This research is supported by the OWASP Testing Guide Framework Version 4.2, whose 12 modules cover all aspects of security testing on websites. The vulnerabilities found by the penetration testing are then assessed with CVSS Calculator 3.1, and recommendations are given afterward. This research finds 32 vulnerabilities, 12 of which have an impact on the website, with 4 vulnerabilities rated medium risk, 5 rated high risk and 2 rated critical risk.

Published
2023-02-12
How to Cite
DHARMAWANGSA, I Dewa Gede Govindha; SASMITA, Gusti Made Arya; PRATAMA, I Putu Agus Eka. Penetration Testing Berbasis OWASP Testing Guide Versi 4.2 (Studi Kasus: X Website). JITTER : Jurnal Ilmiah Teknologi dan Komputer, [S.l.], v. 4, n. 1, p. 1613-1623, feb. 2023. ISSN 2747-1233. Available at: <https://ojs.unud.ac.id/index.php/jitter/article/view/97988>. Date accessed: 26 apr. 2024. doi: https://doi.org/10.24843/JTRTI.2023.v04.i01.p06.
