Vulnerability Testing Analysis of XYZ Regional Government Site Using PTES

Shita Widya Ningsih, Universitas Telkom
Keywords: Vulnerability, Vulnerability Assessment, Penetration Testing, PTES

Abstract

The rapid development of technology goes hand in hand with the growth of web-based applications, and it also increases the number of security attacks and the variety of threat techniques aimed at the web. The integrated service office of the XYZ local government uses a website to support one of its business processes. Therefore, a vulnerability assessment and penetration testing are needed to find the security gaps on the website. Vulnerability assessment is a method for searching for existing security vulnerabilities on a website, and penetration testing is a method for testing security vulnerabilities on a website. In this study, vulnerability assessment and penetration testing are carried out on the integrated service site of the XYZ regional government using the PTES standard, with several tools, namely OWASP ZAP, Acunetix, and Paros on Kali Linux. The vulnerability assessment results for the integrated service website show different types of vulnerabilities and levels of risk depending on the tool used. In the tests carried out with OWASP ZAP, vulnerabilities at the high-risk level amounted to 10%. Acunetix reported a high-risk level of 16.6%, and Paros reported vulnerabilities at a high-risk level of 20%.

Published
2021-09-14