Text

Rancang bangun platform pengintaian otomatis dan validasi kerentanan berbasis OWASP web security testing guide (WSTG) V4.2 untuk remote automation uji penetrasi keamanan sistem web menggunakan bot Telegram

---

Abstrak:
Meningkatnya insiden peretasan situs web yang berdampak pada ranah Pendidikan mengakibatkan kebocoran data dan informasi yang bersifat konfidensial. Oleh karena itu diperlukan tools yang mampu mendeteksi dan menghitung kerentanan sistem web dengan valid dan efisien. Dalam penelitian ini dilakukan pengembangan platform Pengintaian Otomatis dan Validasi Kerentanan untuk remote automation uji penetrasi keamanan sistem web menggunakan bot telegram. Untuk mengukur bahwa kerentanan terdeteksi secara valid, dilakukan analisis Validasi Kerentanan berdasarkan OWASP Web Security Testing Guide v4.2. Platform ini dikembangkan menggunakan metode Agile yaitu Scrum Model. Platform usulan diuji secara fungsional menggunakan metode black box dan smoke, hasil yang ditunjukkan adalah dapat berjalan sesuai dengan hasil yang diharapkan. Selanjutnya diuji secara performa menggunakan metode load dan efficient time didapatkan hasil rata-rata pengecekan memakan waktu selama 19 menit 36 detik dengan nilai load tertinggi sebesar 0,38 dan 0,2 GB untuk system load. Hasil validasi kerentanan berdasarkan OWASP WSTG v4.2 menggunakan metode confusion matrix didapatkan hasil accuracy sebesar 82% dan nilai recall sebesar 81%, lalu dilanjutkan dengan pengujian kompatibilitas. Platform ini kompatibel di empat sistem operasi dengan tiga versi yang berbeda. Dari pelaksanaan User Acceptance Test, didapatkan hasil penerimaan sebesar 100%. Platform ini mampu mendeteksi dan melakukan enumerasi kerentanan secara valid dan efisien.
Abstract:
The increasing incidence of website hacking that impacts the Education domain results in the leakage of confidential data and information. Therefore, tools are needed that are able to detect and calculate web system vulnerabilities accurately and efficiently. In this research, the development of an Automated Reconnaissance and Vulnerability Validation platform for remote automation of web system security penetration tests using Telegram bots was carried out. To ensure that vulnerabilities are detected correctly, a Vulnerability Validation analysis based on the OWASP Web Security Testing Guide v4.2 is performed. This platform was developed using the Agile method, namely the Scrum Model. The proposed platform is functionally tested using black box and smoke methods, and the results show that it can run according to the expected results. Furthermore, it is tested for performance using the load and efficient time methods; the results show that the average check takes 19 minutes, 36 seconds, with the highest load value of 0.38 and 0.2 GB for system load. The results of vulnerability validation based on OWASP WSTG v4.2 using the confusion matrix method obtained an accuracy of 82% and a recall value of 81%, and then we continued with compatibility testing. The platform is compatible across four operating systems with three different versions. After the implementation of the User Acceptance Test, the acceptance result was 100%. The platform is able to detect and enumerate vulnerabilities validly and efficiently.

---

Availability

Detail Information

Series Title

--

Call Number

2023 KEV r

Publisher

Bogor : Politeknik Siber dan Sandi Negara., 2023

Collation

xv, 96 halaman

Language

Indonesia

ISBN/ISSN

--

Classification

Rekayasa Keamanan Siber

Content Type

-

Media Type

-

Carrier Type

-

Edition

--

Subject(s)

Uji Penetrasi
SCRUM
Bot Telegram
OWASP WSTG
Pengintaian Otomatis
Validasi Kerentanan

Specific Detail Info

--

Statement of Responsibility

Kevin Yehezkiel Gurning

Other version/related

File Attachment

Comments

---

You must be logged in to post a comment