Website Security Analysis Using Penetration Testing Method
DOI:
https://doi.org/10.37638/gatotkaca.v2i2.428
Keywords:
Website Security, Cyber, Penetration Testing, Self Test, Zero Entry Hacking
Abstract
Penetration testing is one method of securing websites against attacks by irresponsible people or hackers. With this method, website owners can find out where the vulnerabilities on their website are. This study aims to test the level of security of a website. The penetration testing method used is the Zero Entry Hacking method, which has 4 stages: reconnaissance, scanning, exploitation, and post-exploitation and maintaining access. The results show that the High Court of Bengkulu's website has 4 vulnerabilities that were successfully exploited: 1 in the high category and 3 in the medium category. The results of the successful exploitation tests were measured using the Common Vulnerability Scoring System (CVSS). The overall vulnerability level of the High Court of Bengkulu's website has a score of 6.0 (medium), which means that the website is quite safe against cyber attacks.