Image of Implementasi Otomasi Uji Penetrasi Serangan Terdistribusi Menggunakan Dynamic Infrastructure Framework Axiom pada Sistem Berbasis Web
Bookmark Share

Text

Implementasi Otomasi Uji Penetrasi Serangan Terdistribusi Menggunakan Dynamic Infrastructure Framework Axiom pada Sistem Berbasis Web

Abstrak:
Penggunaan internet terus meningkat dikarenakan meningkatnya penggunaan sistem berbasis web, karena hampir disetiap aspek kehidupan saat ini menggunakan sistem berbasis web, berdasarkan laporan Hackerone 2021 meningkat pula serangan siber terutama pada sistem berbasis web. Salah satu cara untuk mengetahui kerentanan pada sistem berbasis web adalah melakukan uji penetrasi. Penelitian yang sudah dilakukan adalah mengimplementasikan otomasi uji penetrasi secara terdistribusi pada sistem berbasis web menggunakan Dynamic Infrastructure Framework Axiom sebagai tools membangun infrastruktur secara terdistribusi. Peneliti melakukan pengujian tiga kerentanan yaitu, Cross-site Scripting atau XSS, SQL Injection, dan Arbitary Code Injection, karena ketiga kerentanan tersebut masuk ke sepuluh besar kerentanan terbanyak yang ditemukan berdasarkan laporan Hackerone 2021. Hasil dari penelitian yang sudah dilakukan adalah terlihat perbedaan waktu pengujian yang signifikan antara otomasi uji penetrasi terdistribusi dan tanpa terdistribusi yang dimana otomasi uji penetrasi terdistribusi lebih cepat daripada uji penetrasi tanpa terdistribusi maupun terotomasi.
Abstract:
The increasing use of the internet is attributed to the growing reliance on web-based systems, as nearly every aspect of present-day life utilizes such systems. According to the HackerOne 2021 report, there has also been a rise in cyberattacks, particularly targeting web-based systems. One method of identifying vulnerabilities in web-based systems is through penetration testing. The conducted research involves the implementation of distributed penetration testing on web-based systems using the Dynamic Infrastructure Framework Axiom as a tool for constructing distributed infrastructure. The researchers tested three vulnerabilities: Cross-site Scripting (XSS), SQL Injection, and Arbitrary Code Injection. These three vulnerabilities are among the top ten most frequently identified vulnerabilities according to the HackerOne 2021 report. The results of the research reveal a significant difference in testing times between distributed and non-distributed automated penetration testing. Distributed automated penetration testing was notably faster compared to both non-distributed and non-automated penetration testing.

Availability

No copy data

Detail Information
Series Title
--
Call Number
2023 PRA i
Publisher
Bogor : Politeknik Siber dan Sandi Negara.,
Collation
xv, 105 halaman
Language
Indonesia
ISBN/ISSN
--
Classification
Rekayasa Keamanan Siber
Content Type
-
Media Type
-
Carrier Type
-
Edition
--
Subject(s)
Otomasi
Uji Penetrasi
Website
terdistribusi
dynamic framework
Specific Detail Info
-
Statement of Responsibility
Other version/related

No other version available

File Attachment
No Data
Comments
You must be logged in to post a comment