Tiarto, Rizky Dwi and Prayitno, Budi and Kusuma, Dine Tiara (2024) Vulnerability Detection with Penetration Testing Using the Information System Security Assessment Framework Method to Optimize Website Security. Diploma thesis, ITPLN.
Abstract
This research examines the security of web applications against cyber attacks that are becoming more sophisticated as technology develops rapidly. Its main focus is the application of penetration testing using the Information System Security Assessment Framework (ISSAF) to identify and measure vulnerabilities on two websites with different architectures: vulnhub.com, a cybersecurity learning platform, and zachmain.masuk.web.id, an e-commerce site. Testing was conducted with tools such as Kali Linux and Nmap, and risk was assessed using the Common Vulnerability Scoring System (CVSS). The test results show that the vulnhub.com site has two main vulnerabilities: Cross-Site Request Forgery (CSRF) with a risk score of 5.4 (Medium) and a Slowloris-type Denial of Service (DoS) attack with a risk score of 7.7 (High). The zachmain.masuk.web.id site was found to have 78 vulnerabilities: 9 rated Critical, 16 rated High, 26 rated Medium, and 27 rated Low. These findings indicate that both sites have security holes that can be exploited by irresponsible parties. This research emphasizes the importance of implementing appropriate mitigation measures to reduce risk and improve website security. It is therefore expected to serve as a guide for website managers in optimizing the security of their information systems.
Item Type: | Thesis (Diploma) |
---|---|
Uncontrolled Keywords: | ISSAF, Website, CVSS, Penetration Testing, Vulnerability |
Subjects: | Thesis by Field of Study > Informatics Engineering |
Divisions: | Fakultas Telematika Energi > S1 Teknik Informatika |
Depositing User: | Sudarman |
Date Deposited: | 15 Sep 2025 06:52 |
Last Modified: | 15 Sep 2025 06:52 |
URI: | https://repository.itpln.ac.id/id/eprint/1073 |