Improving the Security of the Regional Tax Reporting Application Webserver Using the Penetration Testing Execution Standard Method
DOI: https://doi.org/10.37034/jsisfotek.v3i1.36
Keywords: Pentest, Webserver, Vulnerability Assessment, Security, Attack
Abstract
The Regional Tax Reporting Application Webserver is one of the public services through which taxpayers report their sales transactions. The application can be accessed on the domain http://sptpd.payakumbuhkota.go.id. Because the application is public, the principles of information security must be applied to prevent cyber attacks. These principles include confidentiality, integrity, and availability. To apply them, it is necessary to conduct a vulnerability assessment of the application webserver. This study aims to improve the security of the application webserver so that the data and information in it are secure. The method used in this study is the Penetration Testing Execution Standard, one of the methods developed by the Pentest Organization to become a standard in analyzing or auditing security systems. Vulnerability testing using the software Acunetix, Nikto, BurpSuite and OWASP found seven types of vulnerabilities, namely: X-Frame Header Options is Missing, CSRF Attack, Cookie Without Only Flash, DNS Vulnerability, DDoS Attack, Bruteforce Page Login and Open Port. The vulnerabilities can be exploited, and the level of application vulnerability is in the medium category. The recommendations for fixing the vulnerabilities can be applied by the developer, so that after repairs are made, the vulnerability level of the application webserver is in the low category and only one type of vulnerability remains, namely Brute Force Page Login.