Web vulnerability analysis and implementation

Setiawan, Endra; Setiyadi, Angga

doi:10.1088/1757-899x/407/1/012081

Cited by 19 publications

(7 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…One type of risk level assessment of website application vulnerabilities is OWASP (Open Web Application Security Project) [11]. OWASP was developed with the aim of providing a data source so that application developers can learn about website security systems and improve their security.…”

Section: Security Level Assessment With Owaspmentioning

confidence: 99%

Website Vulnerability Testing and Analysis of Website Application Using OWASP

Priyawati

Rokhmah²,

Utomo³

2022

IJCIS

View full text Add to dashboard Cite

Many businesses, organizations, and social institutions use websites to support their main tasks. The various benefits of the website must be supported by the security aspects of the website in order to avoid hacking. Cyber attacks or hackers can do dangerous things like get more valuable data. So it is necessary to test a good website to find out the level of vulnerability of application features in it. A suitable test for websites where the website is distributed over a network is the grey box penetration test. This study performs a grey box penetration testing technique using the OWASP method and the OWASP ZAP tool. The test steps are collecting test target information, performing automatic scanning with the help of OWASP ZAP, exploiting the scan results, reporting, and providing recommendations. The test results show the target application website has 12 vulnerabilities with 8.3% at the high level vulnerability or 1 alert, 41.7% at the medium level or 5 alerts, 33.3% at the low level or 4 alerts, and 16.7 at the informational level or 2 alerts. These vulnerabilities are related to matters related to A01-Broken Access Control, A03-Injection, A05-Security Misconfiguration, and A08-Software and Data Integrity Failures.

show abstract

Section: Security Level Assessment With Owaspmentioning

confidence: 99%

Website Vulnerability Testing and Analysis of Website Application Using OWASP

Priyawati

Rokhmah²,

Utomo³

2022

IJCIS

View full text Add to dashboard Cite

show abstract

“…Serangan XSS dilakukan dengan menggunakan kode atau script yang memiliki karakter spesial dan kode tersebut diletakkan di akhir URL website dimana kode atau script yang dimaksud adalah kode javascript yang disisipkan pada website [10]. XSS juga dapat diartikan sebagai kelemahan yang terjadi karena web server tidak dapat memvalidasi data masukan yang diberikan oleh pengguna [11]. Dampak dari serangan menggunakan teknik XSS ini adalah seorang peretas dapat mengetahui isi dari database dan akan menjadi sangat berbahaya jika serangan itu terjadi [12].…”

Section: Pendahuluanunclassified

Optimalisasi dalam Penetrasi Testing Keamanan Website Menggunakan Teknik SQL Injection dan XSS

Risky

Yuhandri

2021

JSisfotek

View full text Add to dashboard Cite

SQLI (SQL Injection) and XSS are hacking techniques that are often used by hackers. This technique can find out the contents of the database by inserting a script on the website. This technique can be a threat if a website does not have security that can ward off such attacks. Hackers will look for loopholes using this technique in a login menu, searching, upload menu, input menu and URLs that have parameters ending in numbers, but not all websites that can be attacked use this technique if you don't limit the use of characters. This research was conducted to find out the gaps in a website that can be attacked with SQLI and XSS techniques and help optimize website security to avoid these attacks. Penetration testing will be carried out on a CV car rental website. Merdeka Auto Rental which is located in Padang City. This penetration testing uses SQLI and XSS techniques to find security holes in a website. The result of this test is that on the car rental website there are 12 gaps that are vulnerable to SQLI and XSS attacks, based on the results of these tests, a PHP script function is made that can remove all dangerous special characters. The script function is inserted in the PHP input, process and output files. The use of this script function does not apply to attacks other than SQLI and XSS so that if hackers use attack techniques other than that, this website is vulnerable to these attacks. After the script is inserted in the source code of the website, it can be concluded that the 12 known loopholes in the previous test without using the script function have changed status to not vuln or not vulnerable to SQLI and XSS attacks.

show abstract

“…Dengan melakukan penetration test, celah keamanan pada sistem dapat ditutup sebelum serangan yang sebenarnya terjadi. Salah satu tujuan utama penetration test adalah untuk menciptakan keamanan suatu sistem [5].…”

Section: Pendahuluanunclassified

Meningkatkan Keamanan Sistem Informasi Puskesmas Terpadu dengan Metode Grey-Box Penetration Test Menggunakan Computer Assisted Audit Techniques

Pirsa

Sumijan

2020

jidt

View full text Add to dashboard Cite

Keamanan sistem informasi merupakan hal yang wajib diperhatikan oleh pemiliknya agar terhindar dari kejahatan siber. Sistem informasi yang memiliki kerentanan keamanan dapat mengancam infrastruktur penting suatu organisasi. Kerentanan keamanan adalah segala jenis celah yang memungkinkan penyerang untuk dapat masuk kedalam sistem secara illegal dan melakukan tidakan yang tidak diinginkan. Penetration test pada sistem informasi perlu dilakukan untuk memastikan keamanannya. Penelitian ini bertujuan untuk meningkatkan keamanan sistem informasi puskesmas terpadu Kota Payakumbuh sehingga data dan informasi yang ada terjamin keamanannya. Metode yang digunakan adalah grey box penetration test menggunakan computer assisted audit techniques. Hasil penelitian ini ditemukan 97 kerentanan kategori tinggi, 1 kerentanan kategori sedang dan 26 kerentanan kategori rendah. Dinas Komunikasi dan Informatika Kota Payakumbuh dapat memanfaatkan hasil penetration test sebagai referensi untuk meningkatkan keamanan sistem informasi puskesmas terpadu Kota Payakumbuh.

show abstract

Web vulnerability analysis and implementation

Cited by 19 publications

References 1 publication

Website Vulnerability Testing and Analysis of Website Application Using OWASP

Website Vulnerability Testing and Analysis of Website Application Using OWASP

Optimalisasi dalam Penetrasi Testing Keamanan Website Menggunakan Teknik SQL Injection dan XSS

Meningkatkan Keamanan Sistem Informasi Puskesmas Terpadu dengan Metode Grey-Box Penetration Test Menggunakan Computer Assisted Audit Techniques

Contact Info

Product

Resources

About