Text

Uji penetrasi sistem keamanan berbasis OWASPWeb Security Testing Guide (WSTG) v4. pada website milik humas pemerintah kota Jayapura

---

Humas Pemerintah Kota Jayapura adalah bagian dari institusi pemerintahan, yang bertanggung jawab untuk menyampaikan penyelenggaraan kegiatan-kegiatan pemerintahan kepada masyarakat. Hal ini merupakan wujud transparansi dalam penyelenggaraan pemerintahan. Dalam menjalankan tugasnya, diperlukan wadah penyampaian informasi (website) yang dapat diakses dengan mudah dan tidak rentan terhadap serangan siber. Oleh karena itu, diperlukan adanya uji penetrasi sistem keamanan untuk mengidentifikasi celah keamanan pada sistem, agar selanjutnya dapat dilakukan perbaikan. Uji penetrasi dalam penelitian ini, dilakukan dengan berbasis OWASP WSTG v4.2, di mana fase pengujian yang diterapkan, meliputi : Information Gathering, Configuration and Deployment Management Testing, Identity Management Testing, Authentication Testing, Authorization Testing, Session Management Testing, Input Validation Testing, dan Testing for Weak Cryptography. Dalam penelitian ini, uji penetrasi dilakukan secara manual serta menggunakan tools terotomatisasi. Berdasarkan desain penelitian yang diajukan, ditemukan bahwa terdapat terdapat 12 kerentanan, dengan klasifikasi sebagai berikut: tiga kerentanan dengan kategori medium, tujuh kerentanan dengan kategori low, dan dua kerentanan dengan kategori informational. Temuan kerentanan berdasarkan OWASP ZAP ini kemudian digunakan dalam fase pengujian berikutnya sebagai bagian dalam identifikasi dan validasi kerentanan. Rekomendasi perbaikan dari temuan celah kerentanan kemudian disusun berdasarkan metode Double-SMART yang diharapkan agar dalam memberikan rekomendasi yang terukur dan tepat sasaran. --

Jayapura City Government Public Relations is part of a government institution, which is responsible to conveying the implementation of government activities to the society. This is a form of transparency in the administration of government. In carrying out its duties, a forum for conveying information (website) is needed that can be accessed easily and is not vulnerable to cyberattacks. Therefore, it is necessary to have a security system penetration test to identify security gaps in the system, so that further repairs can be made. Penetration tests in this study were carried out based on OWASP WSTG v4.2, where the testing phases applied, include: Information Gathering, Configuration and Deployment Management Testing, Identity Management Testing, Authentication Testing, Authorization Testing, Session Management Testing, Input Validation Testing, and Testing for Weak Cryptography. In this study, penetration tests were carried out manually and using automated tools. Based on the proposed research design, it was found that there were 12 vulnerabilities, with the following classification: three vulnerabilities with the medium category, seven vulnerabilities with the low category, and two vulnerabilities with the informational category. These vulnerability findings based on OWASP ZAP are then used in the next phase of testing as part of vulnerability identification and validation. Recommendations for improvement from vulnerability gap findings are then compiled based on the Double-SMART method which is expected to provide measurable and targeted recommendations.

---

Availability

Detail Information

Series Title

-

Call Number

2022 REG u

Publisher

Bogor : Politeknik Siber dan Sandi Negara., 2022

Collation

xvii, 112 hlm.

Language

Indonesia

ISBN/ISSN

--

Classification

--

Content Type

-

Media Type

-

Carrier Type

-

Edition

--

Subject(s)

Humas Pemerintah Kota Jayapura
OWASP WSTG v4.2
Uji Penetrasi Sistem Keamanan
Website

Specific Detail Info

-

Statement of Responsibility

Regina Christanty Beatrix Hadjo

Other version/related

File Attachment

Comments

---

You must be logged in to post a comment